Why is Harvard requiring two-step verification for HarvardKey?

Harvard accounts are actively stolen for fraud and intelligence gathering. Thousands of attempts are made every day to steal Harvard passwords. Two-step verification uses a pre-registered device in your possession, such as your smartphone, to confirm your identity when you log in with HarvardKey. That way, even if your password is stolen, cybercriminals can't get into your account without having that device as well.

By using two forms of verification, you are protecting

  • Your personal data like direct deposit account number and your Social Security Number. If a cybercriminal reaches this information, they can divert your paycheck or open new accounts in your name.  
  • Your University data like sensitive research and administration information. The theft of this kind of information can result in lost grants, harm to critical research initiatives, and the exposure of private information about Harvard and its community.
  • Other people's data at Harvard. Although you may not have direct access to sensitive information beyond your personal data, a cybercriminal who steals your account can leverage it to access additional accounts and systems that hold other people's information at Harvard.   

Two-step verification takes just a few minutes to set up, is easy to use, and in most cases requires your second step just monthly.

Activate two-step verification for HarvardKey now at http://huit.harvard.edu/twostep