Dual-authentication for logging onto Bowdoin Information Technology (IT) services such as Workday and Webmail with a Bowdoin username and password is now available to faculty, staff and students using a product called Duo. The effort comes in response to increased phishing and a January cybercriminal attack on faculty Workday data that changed direct deposit information, according to IT Security Officer Eric Berube. He noted that other institutions have seen similar attacks recently.
Currently, 381 users are enrolled on Duo and the technology protects 11 applications and serves 808 endpoints—devices that are used for authentication, like a smartphone, Berube said.
Individuals can apply to activate two-step through a service request on the IT homepage or by going to the IT service desk in Coles Tower.
The program works by sending push notifications to quickly approve sign-ons from the lock screen of smartphones, as well as from a variety of other devices. Alternatively, users can enter a code via number generation. Two-step can also be completed using a token, known as a UB key, that can be plugged into a computer, or users can receive a phone call on their mobile device or landline.
The service is not required, and IT announced it only to a few groups, although any student is allowed to use it. Only certain individuals, such as managers who have the information of their fellow employees in addition to their own, are required to use Duo for additional account security.