Dear faculty, students, and staff,
The email below from Provost Jehanian is authentic. Our campus will also be adopting the two factor authentication for faculty, staff, and student workers. I urge all students to also use two factor authentication as it significantly reduces the changes of someone else using your account.
With two factor authentication, you will enter your normal Andrew ID and password and then another number generated by your phone before the system logs you in. (The phone generates a new number every few seconds.) Or, you can ask the system to push a confirmation notification to your smart phone that you can approve in the accompanying app. Even if someone steals your password, they will not be able to supply the second number or send the special notification to your phone to login to the system.
For faculty and staff, we are also working to get hardware tokens that generate the second number that can be used without a smart phone.
We will schedule information and help sessions to walk you through the two factor authentication setup starting next week. Expect an announcement regarding the walk through session times soon.
Some of you have noted that the Provost’s email’s links don’t directly go to CMU websites. Every email was sent individually and each embedded link was encoded to track the recipient’s click individually. This will help the administration track the number of people who have read the email and taken some action on it. You can safely click on the links. And, it’s very nice to see that you are so observant and skeptical. 🙂
Khalid Sarwar Warraich | Chief Information Officer
From: Provost Farnam Jahanian [mailto:firstname.lastname@example.org]
Sent: Thursday, February 16, 2017 12:08 AM
To: Khalid Sarwar Warraich
Subject: Action Required: Launch of New Security Measure
|Dear Members of the Carnegie Mellon Community,
We are writing to announce the launch of a new service to better protect CMU user accounts and reduce the risk for security breaches.
By now, we have all seen the warnings about the surge in cybercrimes, particularly phishing attacks. Phishing is a tactic used to acquire sensitive information through deceptive emails, texts and other messages that appear to be authentic. As we heighten our awareness to protect our personal identities and data, we also must be aware of the affects phishing has on the university. Phishing campaigns aimed at university accounts have nearly doubled between 2015 and 2016. It is our collective responsibility to protect university resources and the confidential information of our colleagues and fellow students.
The Information Security Office and Computing Services recently announced a Two-Factor Authentication (2fa) service that provides a second layer of protection to increase security of passwords and password protected data, systems and services. The staff in those units have spent several weeks briefing and training various groups, including the University Leadership Council, the Academic Leadership Council, Faculty Senate, Staff Council and academic department heads. We extend our personal thanks to the hundreds of early adopters who have already enrolled.
After careful consideration and discussion with university leadership, we are requiring all faculty and staff members, including all student employees, to add the 2fa protection to their university password by April 20. This security measure is in your best interest, the interest of the university and the individuals we serve. The launch of this new service also brings us in line with most of our peer institutions in terms of information security and privacy.
Please visit www.cmu.edu/computing/2fa/ to register your Andrew account for 2fa. This page also provides details to help you understand the service and how it will affect your login experience. Direct questions about the registration process or 2fa service to the Computing Services Help Center at email@example.com or 412-268-4357 (HELP).
Thank you for your cooperation in taking this proactive step to increase our digital security and for your continued awareness and diligence in responding to cybersecurity threats.
Mellon University | 5000 Forbes Avenue, Pittsburgh, PA 15213