2FA: A Project Timeline
OIT's rollout of 2-Factor Authentication (2FA) in late 2018 affected every student, faculty, and staff member on our campus. The move to two-factor authentication—mandated by the University of California Office of the President—was a good security practice to enact, given the number of phishing emails circulating campus by early 2018.
But no matter how smart or necessary the move to 2FA was, we always knew it would be a challenging concept for most campus users. A mandatory shift to the way that we log in to our everyday campus applications, that involves extra steps AND precious smartphone app space? That's a recipe for disaster if we ever heard one. Certainly everyone wants a more secure account—but we DON'T want to add any additional hassle to our routine in order to get it.
With all this in mind, OIT set out to put a human face on the 2FA enrollment process, and add in a lot of right-there-in-the-moment enrollment support for good measure. In an effort that spanned months, we implemented and integrated the new technology with our existing campus systems. We tested and re-tested the technology functionality and the usefulness of our user documentation. And finally, we ran a major communications blitz complete with donuts, tacos, cupcakes, candy, and swag to convince campus users to beat the rush and sign up early.
To date, more than 12,500 UC Merced students, faculty, and staff have enrolled in 2FA and added an extra layer of protection to their campus accounts. We've decreased successful phishing attempts—once an almost-daily annoyance—significantly. And we really, really had fun in the process. We hope you did, too.
JANUARY - JUNE, 2018
Deputy CIO Nick Dugan walks 2FA team members through the various connections necessary for two-factor authentication to work.
Months before we rolled 2FA out to the campus, OIT was working to test the two-factor authentication service and validation process.
OIT Student Technology Consultant Camille Vo created the manual enrollment tracker that we used throughout the enrollment campaign.
Through the early summer, the Identity Management and Infrastructure teams worked to connect all the back-end pieces that are necessary to make two-factor authentication work with our various campus systems.
OCTOBER 8, 2018
Campus Enrollment Begins
In the early fall, the Communications and Enrollment team planned and prepared for campus communications and campus-wide enrollment events.
NOVEMBER 1, 2018
(Left to right: OIT's project manager Jose Magana, Deputy Chief Information Officer Nick Dugan, and Student Technology Consultant Alexis Kelley.)
Two-Factor Authentication was a big change to introduce to our campus users. So we planned a number of hands-on events to make sure that campus users understood the basics about 2FA.
NOVEMBER 7, 2018
Service Desk Technician Rosemary Braden gets ready to talk to staff at the Human Resources Open Enrollment Benefits fair.
It was hard to miss us...
Though our primary goal was enrolling users ahead of the deadline, what we really wanted was to make sure that users had a chance to ask questions and get answers from OIT experts in real-time.
NOVEMBER 8, 2018
Students stop to learn about 2FA...with free donuts as an added bonus.
....because we were everywhere
Along the way, we gave away donuts, tacos, cupcakes, stickers, webcam covers, device cleaners, and more. Because nothing says "Come talk to us!" like free stuff.
NOVEMBER 27, 2018
Rain or Shine
Even the rain couldn't stop us! The 2FA crew tabled inside the Pavillion during the last few days of our enrollment period.
NOVEMBER 28, 2018
LAST-MINUTE ENROLLMENT HELP
The 2FA team was out in full force during the last few days of our enrollment period. During that last week, we enrolled nearly 4,000 UC Merced students, faculty, and staff!
NOVEMBER 29, 2018
By the time we got to our 2FA "Mandatory Day," the only campus users who hadn't heard of 2FA were those that were living under a rock during the entire month of November.
Interested in how UC Merced's enrollment stacks up against other campuses? Click to see the breakdown.
"I really want to commend you and your staff for your management of the 2 factor authentication, in terms of both implementation and communication.
Most popular authentication methods
I am pricklier than the average bear on IT stuff. My attitude is that I think IT gets in the way more often than it helps, and I want to use and interact with it as little as possible. Thus, I don’t welcome change with IT.
You really deserve a medal for how you’ve handled this. If there’s ever an opportunity to write a recommendation for a unit or staff/administrator award, please let me know."