Dartmouth addresses email security concerns with two-factor authentication rollout

Dartmouth College has announced that beginning May 13 all campus email systems will be secured using two-factor authentication, requiring users to prove their identities through an additional source such as a smartphone app.

The school’s current email authentication system being used relies heavily on security questions, according to Dartmouth’s IT office, stirring concerns that the questions themselves do not provide enough security.

The security update also follows a string of racist and sexually explicit emails sent to members of the school’s students, faculty and staff this year. The emails were spoofed off Dartmouth’s system, appearing to have been sent from student accounts. IT officials said the emails originated from outside the college system, so two-factor authentication, or 2FA, is not expected to help with that particular issue, though it highlighted the campus’ IT issues generally.

The school’s new technology comes from security company Duo, which is owned by Cisco. According to Duo, 2FA is easy to set up and use and users can choose from several 2FA methods, including Duo’s mobile app, Touch ID, phone call-backs or one-time passcodes.

In an attempt to encourage users to enroll in 2FA, Dartmouth said it will hold a raffle every Monday for the next several weeks for those already signed up for the new security measure, with prizes including $100 Amazon, Computer Store or Coop Food Store gift cards.

Roughly 3,000 Dartmouth students, staff, and faculty have pre-enrolled in Duo services. Enrollment is required.

Following the launch its email systems, Dartmouth officials said the school plans to migrate the rest of its web-based services to 2FA by the end of summer.

Many other colleges and universities — including Harvard University, Virginia Tech and Boston University — have also implemented two-factor authentication for their campus systems as cybersecurity is increasingly prioritized in higher education.