Duo at U-M: Crossing the finish line

  • Sol Bermann and Ravi Pendse standing behind table holding laptop boxes. They stand behind a table covered in balloons, treats, and SWAG.
    CISO Sol Bermann (l) and VPIT-CIO Ravi Pendse (r) showcasing grand prize laptop computers at the U-M Ann Arbor Duo celebration, Shapiro Library, January 31, 2020. (ITS Communications)
  • 79,093 in Ann Arbor. 
  • 39,163 in Michigan Medicine. 
  • 10,184 in Dearborn. 
  • 8,315 in Flint. 

That’s how many U-M students, staff, faculty, and sponsored affiliates – more than 133,700 in all – are now using Duo two-factor authentication to help protect the privacy of the institution’s digital information and assets as well as each individual’s personal information. 

The most recent U-M Duo campaign, which began in the fall, involved encouraging all students who had not yet turned on two-factor (about 50%) to do so before January 29, 2020. Student employees were already using Duo, as part of the previous campaign to get all U-M employees to turn on two-factor by January 24, 2019. Other students were using it because they also recognized the importance of online safety and security. 

A cross-campus effort

“This campaign would not have been successful without unit staff collaborating with ITS staff, as yet another example of the U-M family coming together to achieve a common goal,” wrote Vice President for Information Technology and Chief Information Officer Ravi Pendse and Chief Information Security Officer and Executive Director of Information Assurance Sol Bermann in an email to IT leaders and advisors on February 13. 

In August, ITS Information Assurance staff reached out to and met with Ann Arbor, Dearborn, and Flint campus leaders across Michigan IT, as well as the Dean of Students Office and Student Life, Office of New Student Programs, student government, campus groups, unit representatives, and more – informing them about the move for all students to use two-factor and sharing the proposed implementation approach. Several individuals offered recommendations and advice that were incorporated into the plans used to effectively engage with students and get the word out. Everyone was asked to provide ongoing feedback and suggestions to the U-M Duo project team as the campaign progressed. 

“The U-M Duo team were fully prepared and provided a great technical resource that we leveraged several times,” said Harvey Sherman, associate director, UM-Flint ITS and project team member. “Our students understood the need to initiate dual authentication. Their willingness coupled with the support from the project team made this a very smooth and successful project.” 

An advisory group consisting of representation from across the university had preview access to developed promotional materials and communications, including emails, social media, digital signs and ads, posters, and swag. Emails to students not using Duo were sent beginning October 10 and continued through January. 

Preparation pays off

“It feels nice seeing Duo pop up on my phone screen,” said Adam Wright, LSA undergraduate student. “That’s because I know my university and personal information is protected every time.”

One of the more effective tools in informing students was a Duo interrupt screen at Weblogin. Students also saw messages posted on Wolverine Access, MaizeLink, Canvas, and Blackboard. In the weeks leading up to the go-live date, ITS provided deans, directors, and unit IT leaders with real-time, unit-based student adoption rates using a Tableau dashboard. The organization also hosted walk-up help locations across all three campuses, working with units at their request to provide additional assistance reaching out to students. 

“The U-M Duo project team estimated based on last year’s numbers that about 5,000 students would not turn on two-factor by the deadline,” said project lead DePriest Dockins, director, Identity and Access Management. “Instead, we only had about 2,000 students, which consisted of those taking the semester off, studying abroad, part-time students, non-traditional students, and the few who waited until the very last.” 

“In the final week, the Tableau dashboard showed that ninety-seven percent of the student body across all campuses were using two-factor ahead of the deadline. I’d say that was a win,” said Dockins. 

The win: fewer tickets, better security, and a well-deserved celebration

The Ann Arbor ITS Service Center, Dearborn ITS Service Desk, and Flint ITS Help Desk were prepared for an increased number of students needing assistance leading up to and on January 29. ITS Information Assurance staff and various unit IT staff were on standby in case the help desks became overwhelmed. However, no more service requests than usual were received, which the project team attributes in part to prepared U-M Duo online help resources and materials.

“Since enabling Duo, the amount of time spent working on compromised credentials and unauthorized access has dropped significantly,” said Sherman. “This has been a pronounced step in safeguarding our institutional data.”

Following the go-live, ITS hosted U-M Duo celebrations January 31 in Ann Arbor and Dearborn and February 3 in Flint. Students picked up giveaways and treats, and received assistance using Duo. Three students – one on each campus – won a grand prize, a Dell Alienware laptop computer; and a LSA student won a Google Mini (donated by LSA-IT).

“ITS Information Assurance regularly looks for ways to increase IT security and further protect the university’s data and digital assets,” said Bermann. “Two-factor is just one way this is being accomplished.” 

The U-M Duo project team is in its lessons learned phase and looking for critical feedback. Campus community members are encouraged to share their thoughts at Duo-Feedback@umich.edu.