Breaking the Ubiquitous Two-Factor Barrier

Wednesday, May 06 | 9:00AM–10:00AM | Minneapolis Grand Ballroom Salon F, Third Floor
Session Type: Professional Development
In a world where the only thing standing between the bad guys and their pay day is knowledge (of a password, of a security question answer, etc.), we are at risk. The problem is not phishing, weak passwords, shoulder surfing, or keystroke logging. These are types of attacks. The problem is compromised credentials. The only effective defense is to ensure that a compromise of credentials doesn't compromise the security of institutional and personal information or the critical business processes of the institution. Learn how Boston University and the University of Iowa selected, piloted, and implemented a strategic solution for two-factor authentication using Duo Security. We will compare and contrast decisions made, tools used and developed, lessons learned, and the current status of our implementations. We will also review some of the challenges with phone-based two-factor authentication, and what we have planned for the future.

OUTCOMES: Learn about phishing attacks against higher education that led to widespread financial fraud and how to effectively protect your institution * Understand some key decisions involved when implementing two-factor authentication solutions * Hear highlights of the successes and challenges of a production implementation


  • Jane Drews

    CISO, The University of Iowa
  • Quinn Shamblin

Resources & Downloads