The University of Miami Information Technology (UMIT) department announced that effective Monday, April 11, the Duo Multi-Factor Authentication system (MFA) will have two additional authentication options to boost security. This move is in response to an increase in cybercriminal activity targeted at universities and healthcare organizations. These activities are primarily fraudulent Duo MFA requests.
Multi-Factor authentication serves as a defense that makes it more difficult for unauthorized users to access a person’s information on UM’s single sign-on,enabled application services such as Canelink, CaneID, Blackboard and Workday.
Duo, a security two factor authentication service is an approved vendor of UM’s MFA services, and is required for all UM staff, faculty and students to have enabled.
After entering a CaneID and password on any UM-affiliated application service, Duo MFA requires proof of identity which is an extra step to the login process that many students, staff, and faculty are familiar with.
The UM community can now generate passcodes through the Duo mobile app in the absence of wifi and cellular service.
“This works anywhere, even in places where you do not have an Internet connection or cellular service,” said a UMIT email to the UM community. “Passcodes via the Duo mobile app are only good for one use; refresh the passcode on the Duo mobile app to obtain a new one.”
Alternatively, codes can be sent through SMS text message.
“To have Duo text a batch of passcodes to your mobile phone, click the ‘Text me new codes’ button after clicking ‘Enter a Passcode’ in the Duo authentication prompt,” the email said.
Student, Zanaiah Billups said she likes the changes.
“I think those are good options,” said Billups, a sophomore majoring in music business. “I personally would prefer the text messages just because it’s kind of more centralized, but I think both are good in terms of thinking about, you may not always have immediate access to wifi.
Emiliano Sosa, a sophomore studying business law, however, said he deems the new implementations as unessential as he’s never experienced cybercriminal activity using the duo-mobile system.
“I think it’s unnecessary,” Sosa said. “I think it was fine before.”
Assistance for these new access methods are available at the Duo MFA service page.