facebook icon facebook icon facebook icon
  • About
  • ADS
  • Masthead
    • Editorial Board
  • Submission
  • Subscribe
The Wellesley News -
  • News
    • Contract ratified by Wellesley’s Maintenance and Service Employees Union
      Contract ratified by Wellesley’s Maintenance and Service Employees Union
    • News in Brief
      News in Brief
    • Wellesley adapts to end of race conscious admissions
      Wellesley adapts to end of race conscious admissions
    • Senate Report
    • News in Brief
  • Features
    • Professor Spotlight: Dr. Faisal Ahmed
      Professor Spotlight: Dr. Faisal Ahmed
    • Spotlight: New Professor Kathryn Winner
      Spotlight: New Professor Kathryn Winner
    • Spotlight: New Professor Lucia Nhamo ’11
      Spotlight: New Professor Lucia Nhamo ’11
    • Humans of Wellesley
    • Archives
  • Opinions
    • France’s Abaya Ban Unveils Its Own Misogyny
      France’s Abaya Ban Unveils Its Own Misogyny
    • Editorial: In defense of affirmative action
      Editorial: In defense of affirmative action
    • I am an NCAA champion: we should end college recruiting
      I am an NCAA champion: we should end college recruiting
    • Editorials
    • Letters to Editors
  • Arts
    • The SAG-AFTRA and WGA Strikes: What’s happening in Hollywood?
      The SAG-AFTRA and WGA Strikes: What’s happening in Hollywood?
    • Digging into Hozier’s Unreal Unearth: “De Selby (Part 1)” and the Population of Loss
      Digging into Hozier’s Unreal Unearth: “De Selby (Part 1)” and the Population of Loss
    • Summer Releases to Help Usher in Fall
      Summer Releases to Help Usher in Fall
  • Sports
    • Gauff and Richardson Shatter Expectations
      Gauff and Richardson Shatter Expectations
    • Student Athlete of the Month: Kennedy Mayo
      Student Athlete of the Month: Kennedy Mayo
    • No image
      What even is a BORG and why does it matter?
  • Multimedia
    • Photo of the Week
      Photo of the Week
    • “Stronger Together” Rally with Chelsea Clinton
      “Stronger Together” Rally with Chelsea Clinton
    • College Government Vice President 2016 End of the Year Report
      College Government Vice President 2016 End of the Year Report
    • Podcasts
    • The Wellesley Snooze
  • Projects
      • The News in Conversation
    • About
      • Contact
      • Join the News
      • Masthead
      • Editorial Board
    By Sophia Le Groff Pollack News, News and FeaturesOctober 25, 2019

    Required DUO enrollment boosts Wellesley’s cybersecurity

    In case it got lost in your overflowing inbox, as it did for many students, here it is in print: all students must register for DUO by October 29th. DUO is a two-factor authentication system, and it is a protection for your Wellesley Workday and Google accounts. It is necessary due to the ever-growing threat of phishing. 

    There are several ways that two-factor authentication can work. Upon trying to log in to your account you may receive a text message with an additional code to write in, or a phone call with an automated voice that dictates the code to you. The method that Wellesley will be implementing is the push method, which, according to Wellesley’s Chief Information Officer (CIO) Ravi Ravishanker, is also the most secure. Upon entering their usernames and passwords into either Workday or your Wellesley Google accounts, students will receive a push notification requiring them to confirm that they attempted to log in to their account.

     “If somebody else somewhere is trying to log in and you suddenly get a push, you know that somebody is trying to break in,” Ravishanker said.

    According to Ravishanker, Wellesley’s security systems thwart massive numbers of account hacking attempts. “If you really look at how many attempts that we thwart, it can be anything from 5,000 to 10,000 attemtps every second,” Ravishanker said. This  applies most to staff and faculty, who have all been required to use DUO since last year, and who hackers would be more likely to attack because they “are the guardians of not just [their] own data, but of other people’s data,” Ravishanker explained. This can include the names and grades of students, and the salaries of other employees. 

    It is important to note that the immense number of detected and thwarted account break-in attempts is only one part of cybersecurity. “There was also an article today saying 90% of all compromises come from within,” Ravishanker said. Often, account compromises happen because users have weak passwords or fall for phishing tactics. This part of the security issue is very relevant to students. “Phishing” occurs when someone makes a user unwittingly give up their password. Since most people use the same password for multiple accounts or websites, this is an incredibly frequent phenomenon. Heather Woods, associate CIO of Wellesley, and Doug Chudzik, the DUO project manager, both mentioned the example of the online textbook rental site Chegg being compromised recently. Students who use the same password they use on sites like Chegg as their school password, and often their same username as well, are immediately compromised; a phisher knows what password to use to access personal information and where. 

    All three add that another good reason to implement two-factor authentication is that it is becoming internationally recognized as a necessity. Most workplaces have it, and banking accounts or other places that store your personal information also now ask customers to use two-factor authentication. At Wellesley, it has had visible results. The number of people compromised by phishing, particularly in faculty and staff, decreased at first after implementing security education, and then significantly after implementing DUO.  

    The implementation of DUO at Wellesley has not been flawless as some students have reported having difficulty logging into their accounts. However, the LTS team expect the DUO enrollment and use process to become very easy, or to quickly find solutions to any problems that arise. 

    In response to the issue that many faculty members do not bring their cell phones to class and therefore could not do two-factor authentication, LTS has given those who need it a YubiKey. It is essentially a USB key which makes up the second part of the authentication (for Google accounts only) rather than a push notification or text message. It requires the person logging in to plug in the key and physically push it to activate it. If other issues arise with DUO, the computing help desk in Clapp Library will have extended hours on October 29th— the deadline for registering. 

    Activating DUO is not a guarantee of complete cybersecurity. For example, it will only protect your Wellesley account, not any personal accounts. Using different passwords for every account (the LTS team mentions using password managers as a possibility) and changing passwords regularly increases safety. Ravishanker says that laws do not make it easy to trace and recover stolen money or information. So as for the security methods, “As much of a pain [as] it is, you don’t want to come to regret it afterwards”. 

    Share on

    • Facebook
    • Twitter
    • Pinterest
    • Google +
    • LinkedIn
    • Email
    Previous articleCGP continues to grow in the face of challenges 
    Next articleFirst Gen Dinners raise concern about the role of upper level admin in the first gen community

    You may also like

    Contract ratified by Wellesley’s Maintenance and Service Employees Union

    News in Brief

    Wellesley adapts to end of race conscious admissions

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    The Wellesley News

      SECTIONS

    • News
    • Features
    • Opinions
    • Arts
    • Sports
    • Multimedia
    • Projects
    • About

      ABOUT

    • Contact
    • Join the News
    • Masthead
    • Editorial Board

      RESOURCES

    • Advertising
    • Submission
    • Subscribe

      CONTACT US

    • Contact
    COPYRIGHT © 2023 THE WELLESLEY NEWS