Based on the alarming growth in the number of attacks targeted at SPU and the number of accounts that were compromised as a result, CIS implemented Duo Two-Factor Authentication (2FA) for SPU.

After a successful six weeks of opt-in enrollments and demonstrated value to individuals and the university as a whole, the Senior Leadership Team has decided that all SPU accounts with sensitive data access need to have this same level of protection. As such, all Faculty and Staff as well as any Student Employees with accounts in one or more data systems will be required to enroll in 2FA.

Why 2FA for SPU?

Besides the personal protection that 2FA affords you for your SPU account (e.g.: against identity theft, personal paycheck theft, etc.), SLT decided that 2FA is necessary for SPU for a variety of other reasons:

• Compliance with FERPA and other current and forthcoming data privacy laws.
• Maintaining SPU's reputation and avoiding an embarrassing and costly data breach.
• Security and Financial Audits call for this level of security.
• SPU can (and does) have fines, penalties or increased rates imposed on it for failing to secure our accounts and data.

Roadmap

All regular employee accounts will need to enroll in 2FA. Additionally, any student employees with data systems access or access to sensitive information will be required to enroll in 2FA as well.

Regular Faculty and Staff will be the first group that will be required to enroll, followed by Adjunct Faculty. Last will come Student Employees with data systems access. Deadlines for enrollment will be set for each group, but below are some rough timelines:

• Regular Faculty and Staff: Early Winter Quarter 2019
• Adjunct Faculty: End of Winter Quarter 2019
• Student Employees: Spring 2019