Tuesday, February 10, 2015 - Almanac Vol. 61, No. 22
Global Traveler? Enroll in Two-Factor Before You Go
The highly anticipated opening of the Penn Wharton China Center this March  is a good reminder that foreign travel introduces unique risks to data privacy and security.
One of the biggest problems to watch out for is the theft of usernames and passwords. If these credentials are stolen, hackers may access critical resources such as email or sensitive Penn data. Credentials can be exposed in a variety of ways when traveling - from keystroke loggers on public computers and kiosks, such as those found in hotels and airports, to the unintentional introduction of malicious software on your personal device upon establishing an untrustworthy network connection.
Fortunately, thanks to the widespread adoption of smart phones, there is an easy and powerful tool that can nearly eliminate this particular risk: two-factor authentication.
ISC is currently piloting Two Step Verification (two-factor) for PennKey. This service protects your PennKey by requiring both a password and a code generated on your phone. It is easy to set up, has little impact on your day-to-day experience and is a powerful antidote to stolen passwords. It is available to anyone with a PennKey. Note that two-factor authentication is also available on many popular commercial services (such as Facebook, Google, Twitter, etc.) and is a best practice for those applications as well.
For more information about Penn’s Two Step Verification pilot—or for additional best practices when traveling abroad—talk to your Local Support Provider or visit www.upenn.edu/computing/security and explore the links for “Two Step Verification” and “Travel Tips for Data Security,” respectively.