University Requires New Two-Step Verification for Online Resources

College students will have to use a new two-step verification system starting Oct. 19 to access most online Harvard resources, including my.havard and Canvas.

The change follows recent updates to Harvard’s authentication systems, including the implementation of HarvardKey last spring, which required students to log into online services using new login and password credentials.

However after a network intrusion in June, Harvard has advised students to consider changing their passwords and is requiring students to activate the two-step verification system. Christian Hamer, Harvard’s chief information security officer, notified undergraduates of the impending change in an email in late September.

The new system requires students to verify themselves using another device, commonly a mobile phone, when logging into HarvardKey protected accounts. According to the HUIT website, students have the option to verify their login with each use or can select an option to "remember me” for 30 days.

The HUIT website states that Harvard’s online services and accounts are high-priority targets for hackers, but the new system will increase security protections for direct deposit information, research data, intellectual property, and personal information.

“Two-step verification is an extra layer of security designed to ensure that you're the only person who can access your Harvard account, even if your password is stolen,” the HUIT website reads.

Several students have expressed frustration with the new system, characterizing it as inconvenient.

“I’m kind of annoyed that I have to go on my phone and use the app,” said Thang Diep ’19. “It’s an extra app on my phone that I don’t need.”

The HUIT website strongly recommends that users add a second device when setting up their two-step verification accounts, which would enable them to authenticate their logins if they don’t have access to their primary devices. However, some students perceive this added step as overly burdensome.

“It’s been surprisingly inconvenient,” said Audrey H. Effenberger ’19. “I was borrowing someone else’s computer and it was a struggle with the new system trying to get into my account.”

While the security modifications have been met with some hesitations, students said they still appreciate HUIT’s efforts to protect their information.

“I have yet to feel annoyed by the verification when in a time crunch,” said Audrey S. Thorne ’19. “It honestly doesn’t take that long and even though I don’t think I have anything worth hacking, the added security is reassuring.”

Thomas LaSalle ’19 expressed a similar mindset. “I understand that it's in our best interest for our security,” he said. “It doesn't really bother me.”