An important change is coming this month to Duo two-factor authentication and VPN usage.
Prior to the rollout of Duo, LITS required RSA two-factor authentication for VPN access to certain protected Emory network cores. This was true regardless of whether one was connecting to the VPN from off campus or not.
When Emory switched to Duo, we began by not requiring authentication for users connecting from on campus. That was the default policy for every application that we integrated with Duo two-factor authentication. So, while Duo has been a great asset to our overall security posture here at Emory, there is this one area in which we took a step back.
Now that the whole community is enrolled in Duo and actively using it as an established service, we would like to go back to the same level of two-factor security we had with the VPN before. Consequently, we will soon require the use of Duo for VPN even when people connect from on campus.
This new policy will give us even better security because now we will be able to require two-factor authentication for VPN access to the Admin Core, whereas before, under the old system, we were not able to do that.
Users will still be able to use the “Remember me for 30 days” option if their connection method allows it. We do not intend to alter this capability with this change.
I am currently planning on making this change the morning of April 24. I will also email the VPN user community regarding this change.
If you have any questions about this, please let me know.