Multi-Factor Authentication is Coming to Pomona College

Pomona College takes your data and security very seriously.  Colleges and Universities have become attractive targets to hackers as of late, where they can find a plethora of sensitive student, employee, and research data.  Even the most secure passwords can eventually be cracked and distributed widely on the dark web.

To that effect, in the next few months, Pomona College ITS will begin testing Duo for multi-factor authentication.  Enrollment in Duo will initially be voluntary and encouraged, with an eye to having everyone using it by Fall 2019.

What is Multi-factor Authentication?

Single factor authentication is using one point of authentication, such as a password.  To log in to a service, you need to only type your password. Multi-factor authentication requires that you type a password and then confirm that it is indeed you trying to sign in by approving the login from an approved secure device.   A password is easy to hack or guess, but gaining access to a secondary device requires a lot more effort on the part of the thief, including gaining physical access to your devices.

How Does It Work?

Currently, enrollment in Duo is voluntary.  Once you enroll in Duo, when you log in to a Duo-enabled Pomona service, you will need to authenticate a second way, either by receiving a Push, a Call, or a Passcode:

Push: When you have the Duo app installed on your smartphone or device, Duo will pop up a message asking you to approve the login.  Press “Approve” and you will be logged in.

Call: Duo will call the phone number you have on file and invite you to press any button on the handset.  Once you press a button, you will be logged in.

Passcode: If you have the Duo app, it will generate a passcode that you can type into your computer to log in.  You can also have the passcode sent to you as a text message (less secure).  You should select Passcode when using a Duo Token.

For best results and greater convenience, we recommend installing the Duo Smartphone app.  

Will I Need to Use a Personal SmartPhone? What If I Don’t Have One?

If you do not have or would prefer not to use your personal smartphone or other device, ITS will issue a Duo Token. The Token will produce a unique login passcode that will allow you to authenticate without a smartphone.  You can also use the “Call” feature to receive a call to a pre-registered phone number.

Do I Have to Do This Every Time?

For those who are enrolled in Duo, you will need to use Multi-factor Authentication every time you log onto a Duo-enabled Pomona service.  However, you can “trust” a device, such as your computer, tablet, or smartphone so that you do not have to perform the second authentication as often. We are currently working to determine the best balance between security and convenience for the length of time that a device will remain “trusted”.  

Which Services are Affected?

Multi-factor Authentication will be turned on for any Pomona service to which you log in with the Central Authentication Service (CAS) (such as the My.Pomona portal, Kronos, Workday, etc.) and your Pomona/Office365 e-mail.

If you have any questions about the new service or if you are interested in joining our pilot group, please drop us an e-mail and we will contact you when we are ready to enroll you.