Two-Step Verification and the New Secure Authentication Toolkit

Two-Step Verification and the New Secure Authentication Toolkit

Authentication is key to protecting your personal information online. Proving who you are ensures that you are the only person who can access things such as your email, bank accounts and even photos.

There are three different ways to confirm your identity: what you know, what you have, and what you are. Passwords, driver’s licenses and fingerprints are just a few ways to utilize these methods. While passwords is the most common method of authentication, sometimes they are not enough. Two-step verification serves as a more secure solution.

Two-step verification works by requiring two different methods of authentication to access your information. One common example of two-step verification is when you go to the ATM. You are required to have two things: your card and your PIN. A cyber-attacker would need to have both in order to compromise your account. By adding another layer of security, it is much more secure for users. The UM System is implementing these important layers of security through a new centralized application known as Secure Authentication Toolkit.

The Secure Authentication Toolkit will serve as the sole resource for all password activities and require an additional authentication scheme, such as telephone numbers, email addresses and knowledge-based questions and answers. The additional authentication scheme will be utilized by all users in order to gain access to systems and/or retrieve their password. All University of Missouri employees and students will be required to complete the user registration process. You will be asked a series of personal, knowledge-based, questions and must provide answers to help form a secure method to confirm your online identity. Answers should contain information only you know; therefore, do not choose questions where the answers could be available publicly online or on social media.

For other non-University accounts, you can also utilize two-step verification. Most online services are now utilizing the setting to protect their users. It is important to remember that it is not often enabled by default. Most of the time you must go in and change the setting yourself on the account. While it might seem like more work, adding an additional layer can help protect you from cyber criminals. Critical services such as email, online banking or file storage could benefit from two-step verification.          

If you would like to learn more about the Secure Authentication Toolkit, please visit our FAQ webpage at: https://www.umsystem.edu/ums/is/infosec/secure_authentication_toolkit_faq.  

If you need support or have additional questions, please contact IT tech support at 573-882-5000.

Resources:

SANS. (2015). Two-Step Verification. Retrieved from, http://www.umsystem.edu/media/is/makeitsafe/newsletters/OUCH-201509_en.pdf 

Last updated: September 22, 2016