USU employees required to use dual authorization for account access

The Utah State Office of Higher Education has required all universities in the state to implement multi-factor authentication systems to increase cyber security.

As a result, Utah State University faculty and student employees will be required to use a new dual authorization system in the form of an application or a key fob to access their USU  account.

Student employees and USU faculty will be denied access to their Banner account starting April 20 if the Duo application or key fob is not set up. The smartphone application is free. The key fob costs $23.

Mainly, hackers are interested in employees’ credentials so they can gain access to their bank information, said Eric Hawley, the chief information officer of USU’s Information Technology department.  

“Once a hacker gets an A-Number and password, they can do anything you can,” Hawley said.

However, if a hacker was attempting to access an employee account protected by the multi-factor authentication system, a push notification would be sent to the employee’s phone or tablet through the Duo application. From there, the USU employee could approve or deny access.

If the employee is using the key fob instead of a smartphone, the key fob would display a code, which prospective hackers would then need to access the individual’s account.

Student employees have varying opinions on the extra step now required to access their account.

“I’m not scared of it. I think it’s pretty cool,” said Kelli Hanni, an undeclared freshman who works at the Merrill-Cazier Library.

Other student employees said they thought the application was an inconvenience, but they are still open to better security.

“It’s a hassle as a student signing in ten times a day, but I don’t have a big problem with it,” said Rio Manning, a senior business administration major who works at the computer lab in the Taggart Student Center.

Kevin Graf, who works at the library, said he wasn’t too excited about the requirement at first. Still, Graf said he downloaded the application right away because he knew he would have to get it eventually.

Sarah Madany, an undeclared freshman who works at the Engineering Education (EED) Lab, said she is aware she will have to get the application, but is choosing to put it off because everyone she has talked to said it was “cumbersome and a hassle to pull out your phone every time you log in.”

Other students expressed concern about the possibility that they might not have their phone with them when they need to log in to their USU account.

Anna Moore, a senior graphic design major who also works at the EED Lab, said the fear became a reality when she forgot her phone one day.

“I had a deadline that I had to meet and I couldn’t log in to anything. That was not a good thing,” Moore said.

It is still possible to gain access to the account if an employee leaves their phone at home or the battery dies. Employees just need to log in to myid.usu.edu, click on a button that allows them to generate a bypass code, and answer a few questions about information from their Banner accounts. If they answer correctly, a code will be generated, allowing the employee access to the account.

Hawley said he is aware students feel the application is an inconvenience. He said once all university employees are using the application or the key fob, they will no longer be required to change their password once a year.

As of March 17, 2,827 USU employees had set up Duo via the application or the key fob.

— b96russell@gmail.com

@bjr24601

Photo by Mark Bell