For those UGA employees who access restricted and sensitive data, a new security tool will be deployed in the coming months to further protect that information.
Timothy M. Chester, vice president for information technology, said his office is planning to implement two-factor authentication, a more secure method to protect restricted data from theft and misuse.
“As an institution, we’ve arrived at a point where we understand that usernames and passwords by themselves are not sufficient to protect restricted, sensitive or confidential information,” he said. “That includes Social Security numbers, credit card numbers and health records.”
Two-factor authentication will require users to verify their identities by providing both a password and a physical device called an ArchPass. The device, which generates a one-time, six-digit “ArchPass code” that is used in conjunction with a UGA MyID password, will be required to verify the identities of UGA employees who access information systems with restricted data, such as Social Security numbers.
Two-factor and multi-factor authentication commonly have been used by the banking industry and segments of the federal government, according to Chester. As a higher education institution, UGA is probably ahead of the curve of its peers in implementing two-factor authentication, he said.
“In higher education, we tend to prefer openness, efficiency and decentralization, while placing a high value on customer satisfaction and ease of use,” Chester said.
Enterprise Information Technology Services, the university’s central IT department, has been piloting the ArchPass with the Administrative Systems Advisory Council. That group also is developing guidelines to outline which information systems at UGA will require the two-factor authentication.
An initial deployment of the two-factor system for some employees is expected to begin in April. Additional systems and employees later will be required to use ArchPass. For now, the specific information systems, user groups and individual employees who will be required to use the ArchPass have not been finalized.
In addition, ArchPass users will be required to access those information systems by the university’s secure network, regardless of their location on or off campus. A special secure Virtual Private Network group has been created for those who need to connect to UGA’s restricted information systems. A VPN creates a secure “tunnel” to the campus network and can be accessed both on and off campus.
When rollout begins, EITS will provide technical details on how to use the ArchPass and the VPN online at http://archpass.uga.edu. Two-factor authentication is being implemented by the Office of the Vice President for Information Technology as part of its long-term information security improvements.
Chester said the hardware-based ArchPass will keep the university’s costs low.
“ASAC committee members have a clear preference to keep the university’s costs as low as possible, while providing an extra layer of security,” he said.
Holley Schramski, associate vice president and controller, spearheads ASAC, which has been leading a transparent process to develop standards to determine which information systems will require two-factor authentication, and its policies and procedures, Chester said.
“I’m very grateful to Holley Schramski and the members of ASAC for their support and encouragement,” Chester said. “I’m also thankful for the support of UGA President Michael F. Adams, the senior vice presidents and the vice presidents as we embark on this initiative.”