In a letter to the Stanford community, below, Vice President for Business Affairs and Chief Financial Officer Randy Livingston provides an update on information security at Stanford and announces that two-step authentication will be required for SUNet users. The process allows users to choose one of three methods -- a printed list of codes, text messaging, or a smartphone app -- to provide a second level of identity verification when logging into Stanford systems.
Members of the Stanford Community:
I am writing to notify you of additional steps to enhance the security of Stanford’s information systems and protect against the pervasive threat of online attacks. In addition to the initial password changes we required over the summer, we now ask all University community members with a SUNet ID to activate two-step authentication, a simple and highly effective security mechanism already adopted by many organizations.
Starting this Thursday, we will begin requiring anyone with a SUNet ID to have two-step authentication enabled in order to access web-based services. The community will be added on a rolling basis, so your prompt to enroll may occur anytime over the next several weeks. Already more than 10,000 SUNet ID account holders have voluntarily elected to use this enhanced security.
Two-step authentication substantially reduces the ability of would-be intruders to access your account by requiring a second login code in addition to your password. Commonly, this is a random numerical code generated by a smartphone application or sent via text message to your phone. You will be prompted for this extra code at least once a month for each computing device and browser that you use.
I encourage you to go to the Accounts page and enroll now, if you have not already. Once at the Accounts page, click “Manage,” then click “Two-Step Auth” and follow the instructions.
We will be taking additional measures over the next few months to further safeguard our information systems. Your technical support teams and University IT will be working with all campus units to upgrade or replace older Windows XP operating systems and to encrypt all employee laptops and mobile devices. We also intend to require longer or more complex passwords.
I will continue to provide updates on our progress. Thank you for your understanding and cooperation as we work together to protect both University data and personal information through the implementation of these information security best practices.
Vice President for Business Affairs
Chief Financial Officer