Test-drive a system for improving security of logins

posted Apr 14, 2014, 10:01 AM by Raymond Muzic   [ updated Apr 14, 2014, 10:17 AM ]
Tom Siu, our Chief Information Security Officer, is looking for people who want to test-drive a system for improving security of logins without making things over-burdensome for users.  

Google and other sites now support two-factor authentication (e.g. something you know and something that you have).  For example, you know your password and have your mobile or office phone.  

By using two factors to authenticate (login), the consequences of having your password stolen, hacked, of phished are reduced.

Please give it a try:  https://sites.google.com/a/case.edu/cwru-duoenrollment/home and tell Tom what you think.

In conjunction with this there are other changes under discussion
* increasing the password length requirement but making it easier to remember by not requiring numbers or symbols
* not requiring passwords to be changed each year if people are using two-factor authentication