Jessie Minton, Vice Provost for Information Services and Chief Information Officer, sent the following message to UO employees (faculty, staff, graduate employees, and student employees) on February 19, 2020:
Subject: Faculty and staff to start using two-step login (Duo)
I am writing to tell you about some critical steps Information Services is taking to fortify the University of Oregon's defenses against cyberattacks. The linchpin of our cybersecurity strategy is two-step login powered by Duo Security.
Introducing Two-Step Login
Simple yet powerful, two-step login is the single most important thing you can do to protect your Duck ID account, the university, and the people around you.
Universities around the world, including the UO, are high-priority targets for hackers. An example is the phishing attack we experienced in August 2018. Cybercriminals try to steal credentials from UO faculty, staff, and students in hopes of gaining unauthorized access to UO systems that contain personal information, research data, and intellectual property.
Amazingly, two-step login blocks nearly 100% of attacks based upon credential theft, according to research by Google and Microsoft. I say "amazingly" because two-step login has been so unobtrusive in my experience. I hope you'll find Duo as seamless as I do.
Most people will only have to do two-step login about once a week, thanks to the "Remember me for 7 days" option. When your verification day comes, it's as simple as tapping a button in a mobile app, entering a code, or answering a telephone call, depending on what devices you've registered. That extra verification step will apply to all UO websites that use Shibboleth single sign-on—that familiar "Login Required" screen we're accustomed to seeing in Canvas, MyTrack, Concur, and elsewhere.
UO Does Duo
About 1,800 UO employees are already using Duo, including IT staff and Banner users.
This project aims to enroll the remaining 12,000 or so employees—including faculty, staff, graduate employees, and student employees—during winter and spring terms. For now, Duo enrollment is voluntary, though we strongly encourage you to enroll as soon as possible. In the next couple of months, we will announce a date after which two-step login will become mandatory.
You can enroll yourself by following these instructions. If you're contacted by IT staff in your area asking you to enroll in Duo during a particular time frame, please heed their recommendations.
Students who aren't UO employees will be enrolled in a future phase of the project.
This effort is made possible by strategic funding recommended by the university's Budget Advisory Group. In planning this rollout, we have worked with President Michael Schill, Provost and Senior Vice President Patrick Phillips, the Academic Leadership Team, the IT Steering Committee, and campus IT directors, and we'll be meeting with University Senate leadership in the coming weeks.
Because logging in to web services is such a fundamental aspect of nearly everything we do here, some people may be concerned about how two-step login will impact them. The university and Information Services are committed to working with IT staff throughout the UO to minimize any impacts and ensure a smooth rollout.
You can learn more about this project in Around the O ("Two-step login is now available to all UO employees") or on the Information Services website at is.uoregon.edu/projects/duo.
Enhancing IT Infrastructure
Two-step login is just one of the information technology initiatives underway at the University of Oregon. Many of you are now using UOmail, as progress continues toward the email consolidation I announced in 2018. After a deliberate, collaborative planning process, Transform IT will continue reorganizing UO's IT support structure in the coming months. And we are poised to significantly advance telecommunications and more starting later this year.
All of these strategic changes help us enhance IT infrastructure to ensure academic excellence—one of UO's institutional priorities—while efficiently stewarding limited resources. Fundamentally, IT is here to enable learning, teaching, and research—and to protect those endeavors from unnecessary disruption.
Thank you for your cooperation as we launch Duo. We look forward to taking this big step forward together.
Vice Provost for Information Services and Chief Information Officer