Credit: Mira Shetty

All students are required to enroll in two-step verification to log into PennKey protected accounts as of Feb. 14. Since the registration deadline, 96 percent of undergraduate students have enrolled in the verification, according to Penn's Chief Information Security Officer Nick Falcone.

After students log in using their PennKey and password, the two-step verification requires them to verify their identity by receiving a phone call or SMS text message, obtaining a code generated by the Duo Mobile app, using one-touch approval on the Duo Mobile app, or using a registered key fob device that generates codes.

Before the University began its registration drive in January, student enrollment was at about 6 percent, Falcone wrote in an email to The Daily Pennsylvanian. In the two days after Jan. 14, when Penn InTouch announced the deadline with a message displayed on its log-in screen, student enrollment jumped to over 50 percent, Falcone wrote.

Just prior to the Feb. 14 deadline, about 70 percent of students had enrolled in the two-step verification, Falcone added. Now, around 96 percent of undergraduates and 85 percent of graduate students are enrolled in the system.

The remaining unenrolled accounts are likely inactive for various reasons, Falcone wrote, such as belonging to students who have not logged into Penn InTouch since Feb. 14.

The announcement was first made in November 2018. Faculty across all schools and staff were required to enroll in the two-step verification by an earlier deadline of Oct. 31, 2018.

The added layer of security is meant to protect users, as passwords can be easily accessed without people's knowledge, said Kris Varhus, senior IT director of the School of Engineering and Applied Science.

Credit: Jess Tan

The easiest and most encouraged method is the one-touch approval from the Duo Mobile app, which allows students to touch a push notification and confirm their identity, Varhus said.

People who choose not to download the app on their phones can use a registered key fob, a small, separate piece of security hardware that generates a 6-character code every time a log-in attempt is made, Varhus said. Key fobs can be purchased from Computer Connection in the Penn Bookstore.

College sophomore Riley Merkel, who did not enroll prior to the deadline, said while she understood the verification's goal, she could not imagine why anyone would want to hack into the system.

“I wished they had just done just the verification for Penn InTouch, which I think is a bit more important, but not for everything generally,” College senior Sinziana Bunea said.
