University Information Technology Services is taking steps to prevent online theft of information by adding an additional layer of security to websites used by UA students and staff.
NetID , which requires a second step of authentication to gain access to UA sites, launched April 7.
A NetID account is the credential used by UA students and staff to gain access to personal accounts on all the university’s online services, such as Desire2Learn, CatMail and UAccess. Before NetID went live in 2002, there was no centralized username and password system for web services on campus, according to Gary Windham, senior enterprise system architect of UITS.
NetID is not a replacement, Windham said, but rather an enhancement to the original, meant to solve problems regarding password protection. NetID requires a second step of verification in order to log in. Devices, such as smartphones and cell phones, can be registered to one’s NetID account. Passcodes used to authenticate the user are sent to these devices.
Windham said many people use the same credentials on many different sites across the internet. A study conducted by Microsoft found that people have about 25 accounts, but only 6.5 passwords.
Once a hacker has the credentials for one site, Windham said, they will likely try them at other sites.
High profile websites like Facebook encrypt their massive databases of passwords, Windham said, but hackers have an ever-growing amount of computing power on their side to crack that encryption.
“You can get a graphics card for a PC for like $400 … that can do on the order of eight billion password guesses a second,” Windham said.
The additional layer of security is meant to bring NetID up to modern standards of an optional two-step verification mechanism, Windham said. This was accomplished by collaborating with Duo Security, a company that works with websites to provide better login security.
Students and staff with a NetID can enroll in NetID and register devices online with a variety of devices and notification options, Windham said.
“What we wanted to be able to do was to offer a solution that had the greatest potential for widespread use as possible on campus regardless of what technology people have access to,” Windham said.
Zachary Naiman, principal analyst and developer for applications systems, said that any large organization is more visible to hackers and is a target to cyber crimes. However, he does not believe UA is any more on the radar of criminals than any other institution.
The launch is going well, according to Naiman. He said on April 7, the first day NetID was available, 800 people looked at the site and 300 devices were registered. By Wednesday, 400 users had registered devices.
Naiman said that so far UITS has not gotten a lot of feedback, positive or negative, which Windham said he sees as an indication that things are going smoothly for users.
“That’s the thing in IT, you don’t hear stuff from people when they don’t have a problem,” Windham said.
Mathew Tate, a computer engineering sophomore, said he registered for NetID as soon as it became available. He said that the process of registering his smartphone has not changed his experience using websites that require NetID and hasn’t had a negative impact.
Tate, a staff member at the 24/7 IT Support Center, felt his information was well protected before, but that he feels more secure using NetID .