Students required to enroll in Two-Factor Authentication by May 12

February 25, 2020

As part of its commitment to safeguard data and information, Penn State is requiring all students to enroll in Two-Factor Authentication (2FA) by May 12.  

Introduced for faculty and staff in 2016, 2FA provides a second layer of security when users attempt to login to Penn State services by sending a message to their mobile devices that verifies their identity.   

“We’re at a point where 2FA is part of best practices everywhere,” Penn State’s Acting Chief Information Security Officer Rich Sparrow said. “Your bank will have it. Your social media accounts should have it. Your Gmail should have it. You should be suspicious of dealing with anybody if they don’t offer 2FA.” 

Already in use at other Big Ten schools like Nebraska, Michigan State and Minnesota, 2FA will be required for all Penn State students starting on May 12. Students graduating in May do not need to sign up, but all others are required to do so by May 12 or they will lose access to online Penn State services until enrollment has been completed. 

2FA currently protects more than 2,300 Penn State sites and services like Outlook, LionPATH and Canvas. 

The entire enrollment process takes about five minutes and details on how to enroll, along with frequently asked questions, can be found at Penn State’s 2FA page

“It is a good, stable technology and it’s the right thing to do to move students into 2FA,” Sparrow said. “The impact of phishing attacks in particular can be severe, and we’re finding that a lot of bad guys may try to gain access to student accounts, go through emails, and their collaborative suite folders. They can go into LionPATH and drop classes. There’s all kinds of things they can do, but 2FA really is what prevents a lot of the negative impacts of account compromise.”


Last Updated February 25, 2020