011419

Page 1

utdailybeacon.com

Inside: • The UT Advisory Board appointed a student member and chair Friday. Read more on page 2.

@utkdailybeacon

• Staff Writer Bailey Fritz reviews modern country bops on page 5.

• Staff Writer Cory Sanning believes the backcourt is key to the men’s basketball team’s championship hopes. Read more on page 8.

Monday, January 14, 2019

File / The Daily Beacon

Two-step identification launches, offers extra protection Kylie Hubbard

Editor-in-Chief

• Non-traditional student Christy White introduces her new column on page 4.

Volume 137, Issue 2

Logging into your UT accounts will be a little different this semester. UT’s Office of Information Technology has launched two-factor authentication for students, faculty and staff logging into UT accounts such as MyUTK, Vol emails and Canvas. Associate Vice Chancellor and OIT Chief Information Officer Joel Reeves said two-factor simply acts as a second layer of authentication. “You have who you are- you have your NetID-, what you know- your password,” Reeves said. “Well, what this is is something you have- your phone or a token in some cases where people may not have access to a smartphone.” The push for two-factor identification was led by the continuation of phishing scams on campus, typically arriving via email. According to OIT Chief Information Security Officer Bob Hillhouse, a little over a million emails are sent to UT email addresses daily and by his estimate roughly 90 percent of them are phishing or spam. “To me, two-factor is a steroid shot for passwords. Really that’s what it is,”

Hillhouse said. “What it does is I know it’s you signing into your email or you logging into myUTK. I can be pretty certain it’s you.” Reeves said OIT is tested from a security standpoint from time to time. In April, a test targeted 600 campus workers and 29 of them gave up their login information to a phishing attempt in a little over an hour. “It was a beautiful phish- it workedand it’s just that easy,” Reeves said. “We were moving this direction anyways, but that was one of the things where it’s like we can’t stop phishing,” Reeves added. “We can’t stop people from taking the bait so that exposes us and we’ve got to do something about it.” How two-factor authentication works There are three ways to take the second step of identification when logging into your UT accounts: a push notification via the Duo Security Mobile app, a number to input on computer via text or push notification via the app or a number via a provided token if you do not have a smartphone. Reeves said the easiest way is to use the app to receive a push notification. “People are likely to remember their smartphones,” Reeves said. “Even bet-

ter they’re likely to go back if they forget their smartphones.” For those who don’t own a smartphone, token generators can be located in the OIT Hodges Commons location. The first token generator will be provided but, if lost, a new one will have to be purchased in the bookstore. Two-factor is being phased in during the spring semester using a voluntary system. Students, faculty and staff can start using two-factor identification by signing up on the OIT website and everyone will be required to use the system starting fall 2019. “Our goal is not to keep people out of their information and doing their work,” Reeves said. “Our goal is to secure it and make sure we are protecting our students and our faculty and staff’s information as much as we possibly can.” Once a device is authenticated, it will not have to be authenticated again for seven days. OIT is also considering removing the password change requirement if the password is set to a strong 12 or more characters and the UT affiliate is using two-factor identification. Reeves and Hillhouse said they often hear students brush off the UT password as not important. “It doesn’t matter until it matters

to you,” Hillhouse said. “There’s a lot of information about your grades... there’s also your financial aid information and then your parent’s information and it gets deeper and deeper.” Two-factor identification to be adopted by UT System Before a new technology is implemented at the campus level, Hillhouse said it is typically tested within OIT. Since November, faculty and staff, along with students, in OIT have been enrolled in two-factor. “We’ve used this product and its technology for over five years around different areas,” Hillhouse said. “We’re trying to go through and find out where the gotchas are- all the problems that could come up based on what other schools have done, based on what we hear from folks.” Some kinks so far have included surveys built in a way that students couldn’t access it with two-factor authentication and remedying the fact that students need to use their phones in class to log into certain UT accounts such as Canvas.

Story continued online Read more at utdailybeacon.com.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.