The following email was sent to Rutgers Connect users on November 2, 2020.
Colleagues:
Cyberattacks against universities are growing more common, more sophisticated, and more devastating. All major institutions, from leading universities to corporations, are dealing with this issue, and we need to do everything possible to protect Rutgers and its people.
To protect Rutgers’ data and information security, we are announcing plans to require two-step login with Duo when using Rutgers Connect, Rutgers’ service for email, calendaring, and related Microsoft services.
What is changing?
Rutgers Connect currently requires your NetID and password to log in. With the requirement to use two-step login with Duo, you will need to use your NetID password and another method—typically, a smartphone with the Duo app—to verify your identity for Rutgers Connect. This prevents anyone but you from accessing your account, even if your password has been compromised.
If you would like to learn more about two-step login with Duo, visit twostep.rutgers.edu and view the available videos about Duo.
Why is this needed?
Using two-step login with Duo for Rutgers Connect protects your information and makes the university more secure. By using two-step login, you’re helping to protect yourself and the university from hacking, phishing, and other cyberattacks.
Rutgers is far from alone in requiring two-step login. Two-step login with Duo is required by many major universities, including Harvard, Michigan, and scores of others.
When will this happen?
Our plan calls for a three-phase approach, with the goal of introducing this change first to those who are familiar with two-step login with Duo. If you have not previously used Duo, you will not be required to use it for Rutgers Connect until early 2021.
Under this phased approach, various groups of users will be required to start using Duo with Rutgers Connect as follows:
- Phase 1: This will be limited to those users signed up for the Rutgers VPN service, which already requires Duo. For these users, Duo will be required for Connect starting December 2, 2020.
- Phase 2: Next we’ll add this requirement for those users who already use Duo—that is, if you have previously enrolled in Duo, you will be required to use it for Rutgers Connect. Required for this group on December 16, 2020.
- Phase 3: We’ll extend this requirement to all Connect users. Required for all on February 3, 2021.
At this time, Duo will not be required when on the Rutgers network.
This phased approach was developed by a working group with broad representation of IT professionals from across the university, as well as in consultation with faculty councils at Rutgers and the University Senate. These groups expressed strong support for our efforts.
What services and apps will be affected?
All Rutgers Connect services and apps will require two-step login, though some of them, such as Microsoft Office applications, will only require a one-time authentication. Rutgers Connect includes Outlook email and calendars, Microsoft Teams, Microsoft Office applications, OneDrive, SharePoint, and other Microsoft Office 365 services available through Rutgers.
What do I need to do?
You do not need to take any steps at this time. In the coming months, depending on your prior use of Duo (or lack thereof), you will be notified with what steps to take to set up two-step login. Departmental or OIT staff will be able to assist you with the set-up and use of two-step login with Duo.
Questions?
If you have questions, please contact the Office of Information Technology Help Desk or your department’s IT staff.
We appreciate your cooperation with this important initiative.
Thank you.
William W. Lansbury
Associate Vice President, Office of Information Technology
Ellen C. Law
Associate Vice President, Office of Information Technology