Skip to end of metadata
Go to start of metadata


Password compromise and identity impersonation continues to be one of the top information security threats on campus.  It is well known in the industry that simple password authentication is not effective anymore for verifying identity and enforcing access control.  However this type of security control is often the only protection for university high-value assets.


Implementing Duo multi-factor authentication virtually eliminates the risk of password compromise and identity impersonation by requiring the user to also enter a one-time passcode generated from a device only in their possession (either smartphone app or hardware token) when authenticating to a system.  This combination of "something you know" (password) with "something you have" (Duo token) would then require an attacker to steal not only their password but also a physical device in their possession, which is much less likely than password compromise.



  • No labels