Campus adds Duo to post-phishing recovery tactics


Ideally, no one’s UC Davis account would ever be harmed by a phishing scam.

But because phishing is pervasive, UC Davis is now offering Duo as a resource to help faculty and staff protect their campus Office 365 accounts as part of the recovery if their accounts do get compromised.

Duo is a multi-factor authentication product. It requires you to provide a second “factor” before you can log in to a service it protects. Typically, Duo sends a temporary, second passcode to your smartphone. You accept the code, and you’re in.

Even if scammers get your password, they can’t break in to your account unless they also have your phone. And because you still have your phone, you don’t have to let the scammers in.

Use at UC Davis will grow

More than 1,500 staff and faculty already use Duo on the Davis campus to help protect Banner, Office 365, and critical campus servers. Information and Educational Technology, which manages the service, requires its employees to use Duo to protect their Office 365 accounts. Many IT workers across campus also use Duo, and UC Davis Health recently required it for all of their employees.

UC Davis has licenses for all faculty, staff, and student employees, and is planning to promote the broader use of Duo to improve campus security by applying it to services that use the Central Authentication System (CAS). Licenses to cover students are in the works.

Duo won’t repair a compromised account—that’s a separate process—but it will reduce the odds of a repeat compromise.

Read more about Duo, including options for people without a smartphone, in the IT Service Catalog.