One Step Ahead: Progress Towards Greater Security with Two-Step Verification

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy

As of November 14, 2017, all Penn staff members have been required to use Two-Step Verification as part of the PennKey login process. The target date for complete faculty enrollment in Two-Step is October 31, 2018. For undergraduate and graduate students, the targeted enrollment completion date is February 14, 2019.

The University requires the use of an added second security layer after entering a strong password to protect your confidential information and Penn’s sensitive data from compromise.

Hackers try to use various social engineering techniques (akin to phishing emails or phone scams to collect usernames and passwords) to collect Penn identity access credentials and gain access to valuable, sensitive data. Such sensitive data may include, but is not limited to, your confidential information, health information, payroll, student records, financial information and research data. Two-Step Verification provides an important added measure of security against these types of attacks.

Using Two-Step Verification when accessing PennKey-protected information involves two quick and simple steps:

Step 1: Enter your PennKey and a strong password.

Step 2: Verify your information using one of the following methods:

  • One-touch approval using the Duo Mobile application installed on your mobile phone
  • Using a code generated by the Duo Mobile app
  • Receiving a phone call or SMS text message to confirm your identity
  • Using a registered keyfob device that generates codes

Your School or Center’s IT department can answer any questions you have about Two-Step Verification.

Related information:

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/