Bringing Multi-Factor Authentication to Our Students

Last fall, we began encouraging students to sign up for Duo Multi-Factor Authentication (MFA). This semester, we’re making it mandatory. The rollout is happening in waves, with the last group’s final date set at April 9, 2021. 

Group First Semester of Enrollment Activation Date
Group 1 Summer 2019-Fall2020
(Last Name A-M)
February 26, 2021
Group 2 Summer 2019-Fall2020
(Last Name N-Z)
March 5, 2021
Group 3 Spring 2021 March 12, 2021
Group 4 Spring 2018-Spring 2019 March 19, 2021
Group 5 Fall 2017 & Earlier April 9, 2021

Our data shows that Duo works at SJSU. Over the last six months leading up to February 2021, Duo blocked access almost 100,000 times, which is 4.6% of all attempted logins during that time span. Recently, other campuses without MFA have been hit through unprotected student accounts. 

Protecting our student accounts with Duo is a major part of our strategy to be one of the most secure campuses in the country. Attackers have started playing the long game. They’re gaining access to students accounts, targeting people majoring in fields that are high income or who may have access to valuable research. Once they have passwords that work and access they can use, they wait five, ten, or more years to use that access to ransom user data or get into secure corporate systems. Duo for our students isn’t just about protecting them while they’re on campus, but protecting them when they’re alumni. 

There are lots of people in SJSU IT working on this rollout, but we couldn’t have done it without the support of Student Affairs, especially Robb Drury and Bonnie Sugiyama. I want to call out Maggie Panahi, Jason Ferguson, Sharon Watkins, Alfred Eclipse, Tristan Orlino, Andy Trembley, and James Anderson for their contributions. 

Best regards,
Bob Lim
Vice President of Information Technology
and CIO at San Jose State University

Leave a Reply

Your email address will not be published. Required fields are marked *