Virginia Tech will enhance the security of all major university data systems through the implementation of two-factor authentication protocols at login.  

The initiative will protect users, data, and applications from account breaches due to credential theft. Once implemented, users will enter a code received through a secondary device when logging in to data portals such as My.VT, HokieSPA, and Banner. The system selected for the initiative is easy to use, allowing self-registration, and the option to receive the code across a variety of devices. The initiative will safeguard faculty, staff, and students from theft of data with minimal disruption in their daily workflow.

“As cyber-attacks become more numerous and sophisticated, combating the threats to personal data and sensitive information is becoming more challenging. By using the secure credentials developed through this initiative, we will all be doing our part to protect the university community,” said Vice President for Information Technology and Chief Information Officer Scott F. Midkiff.

The move to two-factor authentication is the culmination of an investigation that took place over the past two years. In response to the impact of password guessing and phishing attacks on Virginia Tech systems and users, Midkiff named a cybersecurity task force in 2014. 

The task force recommended that all critical university systems be protected by two-factor authentication utilizing one-time passwords. A one-time password is a single-use code that is received via a device in the user's possession. While this method of authentication is already used at Virginia Tech with select applications, the technology has not been widely utilized, and no solution is currently in place that would scale to the whole university. This new endeavor brings two-factor authentication to the enterprise scale for the entire university.

Virginia Tech has selected Duo Enterprise Edition as the technical solution for the initiative. “We’re proud to be protecting Virginia Tech’s faculty, staff, and students from malicious attacks and phishing attempts,” said Duo Security chief executive officer and co-founder Dug Song. “We look forward to working with Virginia Tech to adapt our access security solution to make it as seamless and effective as possible.”

For more information or to track progress, visit the project website.

Written by Susan Brooker-Gross