Enable two-factor authentication (2FA) for any app or website that allows it. 2FA adds an extra layer of security to your accounts. It requires you to provide not only your password but also a second form of identification, such as a push notification sent to your phone. This makes it much harder for unauthorized users to access your accounts, even if they know your password.
There are various methods that can be used to perform two-factor authentication.
Pros and Cons of Each Method
| Method | Pros | Cons |
| --- | --- | --- |
| Phone/SMS Verification | Widely available, convenient | Vulnerable to social engineering, SIM swapping, phishing |
| Push Notifications | Convenient, doesn’t require carrying another device | Still susceptible to phishing if not vigilant. Remember, if you didn’t initiate a Duo authentication, report it as fraud in the Duo app. |
| YubiKey | Highly secure, phishing resistant | Requires physical possession, may not be supported by all services |
Best Practices for 2FA:
- Use Push or a security token: We urge you to switch to Duo Push or a YubiKey for enhanced security. Push notifications provide a handy second verification option for daily use, while the YubiKey is a phishing-resistant backup.
- Enable 2FA for all critical accounts: This includes accounts for email, cloud services, social media, banking and other sensitive systems.
- Use strong and unique passwords: Even with 2FA, it’s important to have strong, unique passwords for all of your accounts.
- Be cautious of phishing attempts: Be aware of phishing scams that may attempt to trick you into revealing your 2FA codes.
- Educate yourself: Understand the importance of 2FA and how to use it properly by reviewing the articles below.
  - Importance of 2FA: More than a Password | CISA
  - Duo at the University of Rochester: Two-Factor Authentication (Duo)
  - Secure Duo Methods: Using a less secure Duo method?
By implementing and enforcing 2FA policies, the University can significantly enhance its cybersecurity posture and protect sensitive data from unauthorized access.
Additional Resources:
Visit our NCSAM page for more information and games related to this week’s tip.