New authentication service on Touchstone
MIT’s IS&T has added a new two-factor authentication system to Touchstone that will provide more secure access to important MIT services such as Atlas. With “Duo,” knowing a person’s username and password will not be enough to log in with Touchstone.
IS&T manager Garry Zacheiss made light of the fact that MIT’s online services have lagged behind others (such as the World of Warcraft game) in terms of dual-factor authentication. “If people are using two-factor authentication to protect their fake money in a video game, shouldn’t we be using it to protect our real assets at MIT?” he asked.
According to IS&T’s Knowledge Base, community members can take advantage of the optional service in a variety of ways.
Those who use a smartphone can receive a push notification each time they log in, and would be expected to verify that they are attempting to sign in by pressing an “approve” button. Smartphone users can also download a mobile app which will allow them to enter a single-use code each time they log in; the app does not require network connectivity to generate the codes.
Users with other telephones can request that they be sent codes each time they log in, through an automated voice call or a text message.
Those without phones can take advantage of Duo by purchasing a hardware token, such as one that plugs directly into a computer’s USB port or one that simulates the smartphone app and generates single-use codes.
Enabling two-factor authentication with Duo will make it more difficult to fall victim to phishing scams as ten Boston University employees did in December when scammers changed their direct-deposit settings to reroute their paychecks, according to BU’s news office.