November 2016 OET Newsletter
Retirement Open House for Denise Methven
We invite you to wish Denise Methven the very best as she retires from OET as computing support specialist I. Join us on Thursday, December 1, from 2-4 p.m. in 133 WHL to celebrate Denise’s accomplishments over the last 24 years, first as an administrative assistant and for the last four years as computing support specialist I.
To R.S.V.P. or to contribute to a gift, contact Angela Cerasaro, 133 WHL. Light refreshments will be provided.
Two-Factor Authentication Required for Graduate Students
Enrollment in two-factor authentication (2FA) is now required for University of Delaware graduate students. Two factor-authentication was first required for anyone who uses the Cisco AnyConnect Virtual Private Network (VPN) as of June 15. Enrollment for undergraduate students is planned over the next few years, according to IT.
A few of our clients received proof recently that 2FA works. After enrollment, they received text messages with authentication codes generated by 2FA. The only problem was that our clients did not initiate these 2FA requests but rather an unauthorized individual trying to gain access to their accounts. The unauthorized person somehow obtained our clients UD passwords but did not know their 2FA codes. Two-factor authentication provided that extra layer of security to protect their UD data. After our clients were alerted by these text messages, they immediately changed their UD passwords.
If you haven’t signed up for 2FA already, you can enroll or find further information at MyUDSettings.
Student and Miscellaneous-Wage OET Accounts
One important step that departments can take to keep their data as secure as possible is to notify OET of the departure date of resigning or terminated miscellaneous-wage employees, work-study student employees, and graduate-students employees. It is especially important to notify us of their departure, as we do not receive any notification from Human Resources when student employees leave their positions. This should be done even if the employee is parting on good terms, transferring to another department, or is expected to return at a later date.
Attackers may be able to use any active account, if they are able to compromise the password. It may be more difficult to detect unusual behavior, if the compromised account belongs to someone who is listed as an active employee.