Starting this summer, upped security for many MIT applications

Starting this summer, upped security for many MIT applications

Duo two-factor authentication will be required for all students accessing MIT systems protected by the authentication service Touchstone, starting June 15. Over 20 MIT applications, including Stellar, Atlas, WebSIS, and the MIT Library catalog use Touchstone as a single sign-on service.

Two-factor authentication prevents a hacker from compromising a user’s account with just his or her password. The hacker would need access to one of the user’s physical devices to be able to login to MIT’s systems. This “second factor” can be a push notification to the user’s phone or another hardware token, like a USB key. Duo allows users to remember a device for thirty days, so users won’t be prompted for a second factor at every login.

Last July, IS&T Vice President John Charles informed the MIT community that Duo two-factor authentication would be gradually rolled out to all of campus by this summer. By September 30, 2015, faculty and staff were required to enable Duo for Touchstone, and all community members needed Duo to access MIT’s virtual private network (VPN). The deadline for students to enroll in Duo was announced in an email last Thursday.

The Ann Arbor, Michigan-based Duo Security, which provides the two-factor service, raised $30 million in funding last April. Other nearby colleges, including Boston University, Harvard, and Tufts, already offer Duo two-factor authentication. The service has also taken root at universities across the country — Princeton is rolling out Duo this summer as well.

—Ray Wang