Starting Sept. 7, University of Georgia students, faculty and staff will be required to use ArchPass two-step verification to log in to UGAMail and OneDrive for Business when off-campus.
The university announced the change in an ArchNews email on Tuesday, Aug. 21. UGA said the expansion of the two-step verification was a security measure to protect against phishing emails.
The verification process, used in conjunction with the Duo Mobile app, was already used for eLearning Commons, Athena, vLab and the Remote Access VPN.
UGA said in the email that the expansion of the process to other systems was in response to scams and phishing emails that prey on university-affiliated email accounts.
“This change to the login process is being implemented to help combat the rising tide of successful phishing attempts, which compromise hundreds of UGA email accounts every semester,” UGA stated in the email.
Over 4,300 phishing attempts were reported to Enterprising Information Technology Services during the spring 2018 semester, according to UGA. About 500 accounts were compromised from phishing attempts.
Users can verify their ID with a push notification to a smartphone, a passcode generated through the Duo Mobile app, an SMS text notification to their cell phone or a phone call to their cell phone. When verifying, an option to “remember” your device and web browser for 14 days is available, meaning that two-step verification won’t be required for another two weeks.