Step up to Better Security with CalNet 2-Step

October 11, 2017

We asked Jeremy Rosenberg, Manager of the CalNet Identity and Access Management Team at UC Berkeley, why the CalNet 2-Step is such a big deal. Read on to find out!

What is 2-Step?

2-Step verification is an additional level of security for your CalNet account.  After you enter your CalNet passphrase, you are challenged for what we call a “second factor” of authentication.  This usually means proving that you have access to your smartphone or a dedicated hardware device.

What makes 2-Step so important?

One of the biggest challenges the University has in keeping institutional data safe is the increase in phishing attacks. These are emails from hackers that trick users into giving up their passphrases by directing them to use their real login credentials in a fake campus login page. When CalNet 2-Step is activated on an account, the bad actor can’t use a stolen passphrase to access institutional data because they won’t have the second factor.

How did 2-Step come about?

2-Step verification is very common for important services.  Google offers it and most banks have some version of 2-Step. In recent years, many vendors have started offering solutions that scale up to the size needed for a community as large as UC Berkeley.  With recent attacks seen across the UC System and throughout higher education, the University decided it was time to invest in this important security feature.

What does 2-Step help prevent, and what does it not help prevent?

2-Step prevents people who get a hold of your passphrase from being able to actually log in to your campus account.  2-Step can’t stop all attacks. It’s still possible for someone to steal a password then trick the owner into answering a second factor request on their phone at just the right moment.  No matter what technological solutions are available, users of computing services must always remain vigilant and wary of any attempt to compromise their accounts.

What else can I do to protect my account?

In general, never share your passphrase. Don’t click links in emails, especially if you don’t know the sender. And if an offer seems too good to be true, it is. The campus Security Team offers Best Practices & How-To Articles that can help you keep your account safe: https://security.berkeley.edu/resources/best-practices-how-to-articles

How can I sign up for 2-Step?

If you are an employee, you can go to mycalnet.berkeley.edu, log in, and select the Manage 2-Step Verification link to get started. You will need to have your smartphone or tablet on hand to complete enrollment. After you enroll a device, 2-Step will be turned on. To use it, simply log in to CalNet as usual and then approve access to your account from your registered device. Staff and faculty can sign up now. Students will be eligible to use CalNet 2-Step starting in April, 2018.

So, what are you waiting for? Do the CalNet 2-Step!

If you have any questions or concerns about CalNet 2-Step, feel free to contact us at: calnet2-stephelp@berkeley.edu.