Our Information Security team presented to our group on some of the challenges of tackling phishing and demonstrated Duo Two Factor authentication.
We asked our group if they would use Duo when it is availiable to them:
- Half of the respondents said they would use it, and half of the respondents said they wouldn't go out of their way to use(but they would be okay if it was mandatory). One participant said they don't consider their email / data to be important, and so they weren't interested
We asked our group which method they would prefer to use to authenticate:
- All respondents said they preferred SMS over push notifications (though they admitted push might be okay if it's much faster)
- UBI keys were not of interest to the group, as they are relatively expensive, and only work in Chrome
We asked our group to provide feedback on the enrolment process(after they saw a demonstration):
- The process was quick and easy
- They asked about how long you would stay authenticated for (answer: 30 days)
- They asked if you can easily switch between the App and SMS(answer: yes)
We asked our group if they would be open to IST running a phishing simulation on students to increase awareness:
- Everybody in our group enthusiastically supported this
- They couldn't see any harm or negative impacts resulting
We asked who this should target:
- Our students thought that this could target all groups on campus
- They suggested that their shouldn't be any communication campus in advance of this
We asked how frequently these email should be sent:
- There was mixed feedback on this, but the general consensus was 2-4 times per term
