It’s true that two-factor authentication systems like Two-Step Login make accessing online services you use slightly more complicated
But two-factor authentication also is proven to keep everyone’s personal information much more secure. A minor trade-off in convenience is worth it.
The university adopted Two-Step Login in the face of real security threats. Most other major universities have done the same. Two-Step is a basic and essential tool for keeping our campus community safe.
Here are six reasons the university requires Two-Step Login for systems like MyUI, ICON, Employee Self Service, and others:
Two-Step Login protects your identity and your data. Passwords provide only so much protection—even the strongest ones can be stolen. Requiring login verification from a device only you possess (for example, your phone) prevents hackers from accessing your accounts and pretending they’re you.
It protects other people, too.Imagine this scenario: A hacker uses your HawkID and password to log into your email and send real-looking phishing messages in your name. Other students, staff, and faculty fall for the scam and give out their passwords, continuing the cycle. Two-Step Login stops this process dead in its tracks.
It saves you time, stress, and even money. At best, a HawkID account compromise will temporarily prevent you from accessing UI systems while you work with security experts to resolve the problem. In the worst cases, hackers have stolen thousands of dollars by redirecting bank deposits. Ask anyone whose account has been compromised—the risk is real.
It’s the security standard for sensitive online systems. Chances are your bank and even your social media accounts require (or at least strongly encourage) two-factor authentication. Your employment or academic records, bank account numbers, and other info stored in UI systems deserve the same protection.
It’s more convenient than you might think. Two-Step Login offers verification options that fit just about every scenario. Responding to a notification in the Duo Mobile app on your phone takes just a few seconds and using the “Remember me for 30 days” option lets you log in without verification on devices you control.
It works. With virtually every expansion of Two-Step Login, account breaches have dropped significantly. No system is perfect—they all rely on the vigilance of users—but Two-Step has proven its worth.