New Stanford information security measures are underway, including a modified and more versatile two-step authentication system to be deployed this year, according to Michael Duff, assistant vice president and chief information security officer.
Duff said that the University has secured a campus-wide license with a third party vendor to make the two-step authentication process more flexible with new options such as SUNet ID users receiving push notifications on their phones through an app where they can tap “yes” or “no” to login, thereby avoiding having to type in a six-digit code number into WebLogin — a system that current has drawn ire from some students.
Other information security measures currently on the table include mandates for University employees outlined in a community email from Randy Livingston ’75 M.B.A. ’79, vice president for business affairs and chief financial officer, earlier this month.
One of these mandates includes having employees with Windows XP laptops and desktops migrate to Windows 7 Enterprise or Ultimate, or Windows 8
Pro or Enterprise, by April 8. Employees will be able to download the latest Microsoft software for free under a new campus-wide license obtained in November 2013.
Duff explained that students are also able to take advantage of the new Microsoft license and are encouraged to download the latest software for free as well.
In terms of updates from the July 2013 breach, Duff said that further investigations from the Information Security Office and Mandiant — an external forensics firm — found no evidence to indicate that compromised encoded SUNet password information was decoded and/or used in any way.
He added that IT administrators were able to detect an initial attack on the central Microsoft account infrastructure within 12 hours when a second sever crashed.
Since the July breach, the University identified 33 security initiatives that will continue to be worked on over the next two years.
A previous version incorrectly said Michael Duff is the assistant vice president and chief information officer. The Daily regrets this error.