Online security is a complex issue with no one solution to fix all its woes. Sorting through all the ways that information can be stolen online and how to protect it can be confusing. It’s one of the reasons why National Cybersecurity Month exists.

One of the most common entryways for hackers and bad actors to access your data is through stolen passwords. Stolen credentials are used in 29% of reported breaches, according to Verizon’s 2019 Data Breach Investigations Report.

However, despite touch ID and other forms of biometric authentication, passwords aren’t going away anytime soon.

Because of this, adding a layer of protection on top of passwords – making it more difficult for somebody who has your password to gain access to your account – is one of the most important and easiest ways that individuals can secure their personal data and information from unwanted breaches. It’s the reason why Northeastern is expanding the use of two-factor authentication to protect an increasing number of the university’s online systems and services.

What is 2FA?

You are likely already using some form of 2FA in other areas of your personal life. It’s any form of security that protects an account with two layers of authentication. Commonly, the first layer is a PIN or password, something that you know. The second factor is something that you physically have, such as a device or card.

Whenever you log in to Google or a social network, and the site texts you a code to your phone to type in and authenticate with – that’s two-factor authentication.

Banks and financial institutions also employ 2FA as a means to verify your identity. The two ways of confirming that it’s actually you trying to perform that transaction at the ATM are a PIN (something that you know), and your bank card (something that you have).

How effective is 2FA though? Recent data from Google’s use of 2FA shows that it can block 100% of automated bot hacks.

Why 2FA at Northeastern?

Education hasn’t gone untouched by modern security concerns such as data breaches and phishing attacks. It’s gotten so bad, in fact, that it prompted the Education Department to release a warning about malicious attackers trying to gain access to financial aid data and funds, and urging schools to employ 2FA and other means of strengthening security practices.

Before Northeastern started requiring the use of 2FA last spring, the Office of Information Security was getting reports of dozens of compromised email accounts per week.

That reported number of weekly compromises has gone down to virtually zero since 2FA has been required for all faculty and staff accounts to access their email, Office 365 apps, and sites protected by single sign-on.

“This has drastically cut back on the damage that malicious actors are able to do, particularly through phishing emails,” says Megan Perkins, Information Security Manager.

2FA is effective, and it doesn’t have to be hard. Enrolling in Duo, the university’s 2FA service provider takes just minutes at, and the Duo Mobile app is the easiest and most convenient way to authenticate when trying to access protected sites. The app, which can be downloaded and installed on smartphones and tablets, provides both push notifications and passcodes.

More information about the university’s 2FA requirement, as well as answers to commonly asked questions, can be found at the Get2FA website.