The Observer

Filed under Headlines, News

ITS to implement mandatory two-factor authentication for VPN access, disable outdated connection protocols

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






Starting April 20, ITS will require all users of Case Western Reserve University’s VPN to register a form of two-factor authentication on their accounts in order to continue accessing the service. This is a change in policy to the previous VPN changes implemented in January, which introduced two-factor authentication but did not require it. ITS believes that the use of two-factor authentication will increase security for the university’s technology resource by preventing unauthorized users from gaining access to accounts even if they have the password.

Two-factor authentication increases security by requiring another form of authentication in addition to a password. These secondary forms of authentication can include a hardware key generator, an application on a smartphone or a code sent in a text message. This method of authentication ensures that unauthorized users cannot gain access to a person’s account unless they are in possession of the device used to generate the additional key.

ITS has chosen Duo Security to be the two-factor authentication provider for the new system. The company offers applications which generate the codes required for login on iOS, Android and Windows Phone compatible devices. In addition to authenticating with a code, the app allows a user to confirm their login by responding to a push notification. The application does not require an internet connection to work, so it can be used to login anywhere. If users of the system do not have access to a smart phone, login codes can also be sent by text messages, by phone or from a previously generated list of codes.

ITS recommends that at least two devices should be registered for any account. Currently devices that can be registered include landline phones, cell phones, smartphones and tablets.

Although the system is currently only available for VPN login, ITS is looking to expand the services to other login systems such as Single Sign-On, which is used to gain access to services such as Blackboard and email.

In addition to a comprehensive guide to setting up the authentication system, ITS has created a series of training videos in order to make enrolling in the system as easy as possible.

In another attempt to increase VPN security, ITS is disabling access to the network using IPsec based clients. This protocol is used in clients built into operating systems, such as Mac OS X. After this change, ITS recommends that all users of the VPN use the Cisco AnyConnect client available on their website.

About the Writer
Joseph Satterfield, Web Editor

Joseph Satterfield is a senior majoring in Computer Science. Originating from Aliquippa, Pennsylvania, he was attracted to CWRU because of its excellent...

Leave a Comment

In an effort to promote dialogue and the sharing of ideas, The Observer encourages members of the university community to respectfully voice their comments below. Comments that fail to meet the standards of respect and mutual tolerance will be removed as necessary.




Case Western Reserve University's independent student news source
ITS to implement mandatory two-factor authentication for VPN access, disable outdated connection protocols