Why Duo?

Passwords are no longer enough: we need Duo Two-Step Login to protect our financial data, our student data and our research data, and also to protect the reputation of the University. Each year, sophisticated “phishing” schemes and other tactics lead to hundreds of ONID accounts becoming “compromised” (accessible to unauthorized people), and that number continues to increase. Nationally, other universities have been adopting two-step login for several years, and it’s time for us to join them. It’s our responsibility as good “digital citizens” to protect the data entrusted to our care.

Why now?

In recent months, the rate of successful compromises of ONID accounts has dramatically increased at Oregon State. In the Fall of 2018, there was a 400% increase in compromised accounts compared to a prior three-year average. Other universities across the country have responded to similar increases by requiring Duo, or similar two-step login processes, for all accounts. Because two-step protocols are the best means of reducing the success rate of the attacks, Oregon State will require all non-student ONID accounts to use this technology no later than the end of May 2019.

Why mandatory?

The recent increase in compromised accounts represents an unacceptable level of risk to institutional data and sensitive information. Because nearly everyone at OSU has access to non-public information, the best way to address this risk, and to protect the OSU community, is to make Duo two-step login mandatory for all ONID accounts. Duo will become mandatory for non-student accounts by the end of May 2019. It will become mandatory for student accounts during AY2019-2020. University-wide use of two-step login helps us protect against attempts to steal information entrusted to our care, including financial data, student and employee records, and sensitive medical and human subjects data. Without Duo, we are at much greater risk.

What does Duo protect against?

  • Attempts to change your paycheck direct deposit setting without your knowledge
  • Criminals attempting to commit identity fraud
  • Unauthorized access to read and send your email

Are other universities doing this?

Yes! Most of our peer institutions have already implemented mandatory two-step login (sometimes referred to as multifactor authentication) for their employees. Many have also made this type of security mandatory for students already or are beginning to do so. See the partial list below for details on what some other institutions are already doing.

University | Employee | Student
University of Arizona | Mandatory | Mandatory
Arizona State University | Mandatory | Optional (except direct deposit); Mandatory planning underway
University of California, Berkeley | Mandatory | Mandatory
University of California, Los Angeles | Mandatory | Mandatory
University of Colorado Boulder | Mandatory for specific applications | Mandatory for specific applications
University of Oregon | Optional | Optional
University of Southern California | Mandatory | Student employee mandatory; Not available for other students
Stanford University | Optional | Optional
University of Utah | Mandatory | Optional
University of Washington | Mandatory | Optional (only available for some students)
Washington State University | None | None
Purdue University | Mandatory | Mandatory
Colorado State University | Mandatory | Mandatory for specific applications
Iowa State University | Optional | Optional
North Carolina State University | Mandatory | Student employee mandatory; Optional for other students
University of California, Riverside | Mandatory | Optional (Feb '19 mandate)
University of Tennessee | Optional (Fall '19 mandate) | Optional (Fall '19 mandate)
Ohio State University | Mandatory | Mandatory
Pennsylvania State University | Mandatory | Optional
University of California, Davis | Optional (Feb '19 mandate) | Optional (June '19 mandate)
University of Florida | Optional & Mandatory | None
University of Illinois | Mandatory | Grad - Mandatory; Undergrad - Optional
University of Wisconsin | Optional (Q1 '19 mandate) | Optional (Q4 '19 mandate)