Changes to VPN aim to provide more Internet security

Two-factor authentication has been an important security feature offered by popular services such as Gmail for years, and it is now coming to Case Western Reserve University’s network. Two-factor authentication is going to be required for access to the virtual private network (VPN).

The VPN allows members of the community to access CWRU’s network while off campus and to gain access to campus-wide resources, such as software from the software center or journal articles to which the school has subscriptions.

The push for two-factor authentication came after many phishing attacks, in which hackers send fake emails that pretend to be legitimate in order to acquire sensitive information such as passwords. These attacks occur quite often; a major attack on the university’s payroll system, Human Capital Management, occurred this past summer.

“Password theft is rampant,” said Tom Siu, chief information security officer at ITS. He estimates that in a six-month period, 400-500 passwords are reset due to possible password theft. These days password theft is common enough that passwords are no longer a reliable way to protect sensitive information.

Two-factor authentication works by requiring two things to sign in: a password and something the user can physically access that someone else who may know the password would not have access to. This adds a layer of security that prevents someone from accessing an account, especially if the attacker does not have physical access to the physical part of the authentication process.

A convenient way to use two-factor authentication is to have a mobile application that generates a one-time key to grant access to log in. However, for non-mobile phone users, there are many alternatives that would allow two-factor authentication to be possible for all members of the community. For example, there are physical keys that generate two-factor authentication codes that one can buy inexpensively without needing a mobile device.

Two-factor authentication is starting with the VPN because information behind the VPN is especially sensitive. There are plans to transition it to other password systems, including Single Sign-On, the pathway to signing on to Student Information Systems and Blackboard. These transitions will not be mandatory for all students, but are highly recommended to protect students’ accounts.

The Information Technology Services Help Desk is available to assist people with two-factor authentication. They will also be putting up videos on how to set it up.