OIT unveils two-factor authentication for Blackboard log-in

The Office of Information Technology has implemented an additional security measure requiring duo two-factor authentication to access Blackboard. Students will be able to download this update beginning May 8, supplanting the normal duo authentication required to access University-specific documents and services.

The update requires students to enroll a device that will be used in the authentication process during login. Once students log in with their passwords, they will be prompted to approve the login through a push notification on their cell phones, a sequence of numbers generated by OIT, or through a landline. This added security measure is to ensure the protection of students’ intellectual property, personal information, and University data.

Students may register their devices earlier by logging in to the Duo Self-Service Portal. OIT will also provide help tables at Frist Campus Center from 9 a.m. to 5 p.m. on Wednesday, April 26, and Wednesday, May 3, if students want to set up the duo 2FA process before May 8. A table will be set up at Frist during the week of May 8 to assist in enrolling devices in the duo 2FA system.

As information technology and security grow increasingly complex, the ability to defend against a breach into a systems network has become more important.

Last year, a weak link in cluster printers led to a widespread attack in which a white supremacist group was able to print out anti-Semitic fliers across campus printer clusters. This attack affected not only the University, but also several other universities across the country. The breach was quickly resolved, but it became a blaring wake-up call that we take our information security for granted. It has been through OIT’s unwavering commitment to strong security that we can trust University systems.

The decision to switch to the duo 2FA system demonstrates the need to improve overall campus security. Peter Russell ’19, a student involved in cyber security research on campus, said he regards the update as a positive sign of OIT’s vigilance.

“You can really see OIT’s move to update the system as a broader effort to improve the cyber hygiene of the University’s network, given that there are so many connections between University clusters, machines, and assets,” Russell explained. “Hackers usually exploit this interconnectedness to gain access to secure connections via a weaker link.”

An example of such a breach happened in Target in the fall of 2013 through a clever attack against a weaker node. The breach occurred through accessing an unsecured heating, ventilation, and air conditioning node which linked to meat scales, which subsequently routed to the cash registers. It was through this missed detail that nearly 40 million credit card numbers and 70 million addresses and emails were leaked.

In consideration of such security breaches, the duo 2FA will act to further enhance the security of its systems, as well as the integrity of sensitive information of all students, faculty and staff.

The link to the duo 2FA update can be found on OIT’s website.