February, 2017 CIO Update
Compromise of data and IT systems through the use of stolen credentials continues to be one of the top cyber threats faced by our University. A compromise may not only place University information at risk, but can also jeopardize your personal information that is protected by these credentials. In order to reduce the risk associated with stolen credentials and better protect our digital environment, VCU is more fully integrating multi-factor authentication (VCU 2Factor Authentication) to its Central Authentication System (CAS). VCU 2Factor Authentication provides a method that performs additional verification for an individual once the individual submits his / her username and password. This additional verification step can prevent a cybercriminal from impersonating their victims by using her credentials alone, since the cybercriminal will usually not possess knowledge or item used to perform the secondary verification.
We are currently executing a 12 month project to integrate VCU 2Factor authentication into all applications protected by its CAS system, with the goal of completing the migration of existing applications by Fall 2017. Starting spring of 2017, many members of the University community will begin to see applications using VCU 2Factor Authentication enabled CAS, which will require VCU 2Factor Authentication for faculty and staff and sensitive applications, while providing optional enrollment for students. The implementation of VCU 2factor Authentication with CAS will provide the ability for individuals to perform a secondary verification after the username and password is entered at logon. Sample screens of what you may see is shown below.
Most of us in IT positions at VCU and many staff and faculty that have a need to access sensitive data are already utilizing 2Factor, but over the next couple of weeks we will be widely communicating a broader rollout of this service. VCU 2Factor Authentication will be conducted through a phone when individual authentication is performed from unknown or untrusted locations. Individuals can register their cell phones or landlines in order to perform the secondary verification as an option. For individuals using supported Smart cell phones, an app (Duo) is also available for download that can quickly and easily help perform the verification. Since this roll-out will affecting most staff, faculty, and many students, Technology Services has developed and will be implementing a communication plan (and thanks to VCU students who have helped with this) to get the word out, and I ask those of you reading this to help support our efforts.
To learn more about the VCU 2Factor authentication initiative and find out how to register and use the system, please visit http://go.vcu.edu/2factor