ODU Will Require Two-Factor Authentication to Access MIDAS
July 11, 2018
To protect against phishing, Old Dominion University will soon require two-factor authentication to access its MIDAS platform.
Phishing involves sending fraudulent emails that imitate reputable sources to access personal information.
According to Doug Streit, ODU's chief information security officer, 10 to 30 percent of phished accounts become compromised. ODU receives thousands of phishing emails each year.
"Last year, we had a student account successfully phished, which was then used to send a job scam out to thousands of ODU students. Several students responded to the job scam, and at least one was scammed out of some money, resulting in a police report," Streit said. "Phishing and job scams will still be possible, but it will be much more difficult to initiate them from odu.edu email addresses."
Users now submit single ID and password authentication to log on to MIDAS. In the two-factor authentication, ODU offers an additional layer of security by requiring a second identity verification using a program called Duo.
After logging in to an ODU service using a MIDAS ID and password, users will be prompted to confirm their identity a second time by using a physical device (like a smartphone or token) that's been attached to their account.
Smartphones and tablets are recommended for the new system. By selecting the option "Send Me a Push," Duo sends a notification to Duo Mobile on the device and a tap enables the user to sign in.
Hardware - picture a key fob -- and software program tokens, which generate codes, are also available for purchase.
Any member of the ODU community may start two-factor authentication now. In November, it will become mandatory for all faculty and staff. Students and other University affiliates will be required to use the new system in early 2019.
Streit realizes the change could bring frustration, but he also knows what can happen when information isn't protected.
"We are fortunate to have a strong information security program at ODU, but no organization is immune from being successfully attacked," Streit said. "Two-factor authentication protects us by requiring a registered device that is in the possession of the account holder in order to complete the authentication. This is something a remote attacker will find difficult to overcome."
For more information on two-factor authentication, visit www.odu.edu/ts/access/two-factor-authentication