{"id":422,"date":"2019-11-22T14:52:38","date_gmt":"2019-11-22T18:52:38","guid":{"rendered":"http:\/\/blog.uvm.edu\/whysecurity\/?p=422"},"modified":"2019-11-26T14:48:46","modified_gmt":"2019-11-26T18:48:46","slug":"duo-the-necessary-steps-to-protect-yourself","status":"publish","type":"post","link":"https:\/\/blog.uvm.edu\/whysecurity\/2019\/11\/22\/duo-the-necessary-steps-to-protect-yourself\/","title":{"rendered":"\u201cDUO\u201d the Necessary Steps to Protect Yourself!"},"content":{"rendered":"\n

Enabling Multifactor Authentication<\/em> <\/h3>\n\n\n\n

This post is part of a series contributed by the ISO\u2019s 2019-2020 student intern Emily Connolly, \u201920.<\/em><\/h4>\n\n\n\n

What is multifactor authentication? How do I use the DUO\napp? How do I lock down my passwords? <\/em>If these questions keep you up at\nnight, read on. If not, read on anyway; it\u2019s important knowledge to have.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Multifactor authentication (MFA)<\/em> is the practice of having two or more methods of verifying your identity when logging into an account. Entering your password is one method of verification, and others may include a text sent to your phone with a code, a security question, or even biometrics, like your fingerprint.<\/p>\n\n\n\n

MFA types fall into three major categories: something you\nknow, something you have, something you are<\/strong>.<\/p>\n\n\n\n

A password or a security question is something you know<\/em>. It doesn\u2019t change often and is a piece of information that can be leaked or stolen. However, the second piece of authentication requires something you have<\/em> (a one-time code) or something you are<\/em> (fingerprint) to proceed. These are harder to get false access to without physically stealing your phone or stealing one of your fingers (in which case you\u2019d have much bigger problems).<\/p>\n\n\n\n

You\u2019ve probably used multifactor authentication\nbefore\u2014Google accounts often enforce it when you\u2019re logging in on a new device.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Multifactor authentication helps protect your account by setting up several ways to verify that it\u2019s really you logging into your account. That way, even if someone cracks your password, there is another, tougher layer of security for them to get through.<\/p>\n\n\n\n

Multifactor Authentication at UVM <\/h2>\n\n\n\n

Here at UVM, some resources are protected by DUO Multifactor\nAuthentication<\/em><\/a>. With this tool and the free smartphone app, users are\nsent a one-time verification method to use alongside their login credentials. This\nverification can be sent as a push notification from the app (easiest method),\nor as the six-digit code provided in the app. This code can also be sent as a\ntext message, through a landline phone, or even as a generated list of codes users\ncan use when offline as well.<\/p>\n\n\n\n

This method adds a second step to the login process and thwarts\nwould-be attackers who may have your password, but do not have access to your\nphone. Multifactor authentication protects you, your information, and the\nUniversity\u2019s information.<\/p>\n\n\n\n

However, beware if you receive a request in your DUO app\nthat was not sent by you.  Sometimes,\nusers can get a request and know they did not send a push notification to their\nmobile device (tablet or mobile phone). Denying the request is your best option;\nit could be someone else attempting to gain access to your account.<\/p>\n\n\n\n

More information<\/h2>\n\n\n\n

To learn more about multifactor authentication here at UVM\nyou can visit https:\/\/www.uvm.edu\/it\/kb\/article\/duo-multi-factor-authentication<\/a>\nor read the Duo FAQ at https:\/\/www.uvm.edu\/it\/kb\/article\/duo-faq<\/a>.\nWe also made another blog post back in 2016 on the matter, which you can read here<\/a>.<\/p>\n\n\n\n

\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"

Enabling Multifactor Authentication This post is part of a series contributed by the ISO\u2019s 2019-2020 student intern Emily Connolly, \u201920. What is multifactor authentication? How do I use the DUO app? How do I lock down my passwords? If these questions keep you up at night, read on. If not, read on anyway; it\u2019s important … <\/p>\n

Continue reading “\u201cDUO\u201d the Necessary Steps to Protect Yourself!”<\/span><\/a><\/p>\n","protected":false},"author":4920,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[351618,351621],"class_list":["post-422","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-mfa","tag-student_contributor","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Emily","author_link":"https:\/\/blog.uvm.edu\/whysecurity\/author\/econnol2\/"},"_links":{"self":[{"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/posts\/422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/users\/4920"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/comments?post=422"}],"version-history":[{"count":8,"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/posts\/422\/revisions"}],"predecessor-version":[{"id":438,"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/posts\/422\/revisions\/438"}],"wp:attachment":[{"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/media?parent=422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/categories?post=422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.uvm.edu\/whysecurity\/wp-json\/wp\/v2\/tags?post=422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}