Tufts Two-factor Authentication (2FA) Policy

Purpose

At Tufts, we place a high value on the creation, use and sharing of information to fulfill the University’s mission.  It is our collective responsibility to take precautions to protect the security, privacy and integrity of University information systems and personal and institutional data, such as research data, intellectual property and financial information.  To better protect all of our information, Tufts has implemented two-factor authentication (“2FA”), a new security measure to provide a second layer of protection when accessing institutional and personal data.

Scope

This policy applies to all faculty, staff, and affiliates of Tufts University.

Policy Statement

In consultation with university leadership, Tufts will require 2FA as follows:

  • All new faculty, staff, and affiliates hired on or after July 1, 2017.
  • All existing faculty, staff, and affiliates by September 30, 2017.
  • All student workers by October 31, 2017.
  • All students by April 1, 2018.

Technology Services will regularly evaluate and prioritize applications requiring two-factor authentication (2FA), to enhance the protection of institutional data and personal information.

Policy Sponsor(s) and Approval Details

Approval Entity(ies)

Academic Council, Administrative Council

Approval Date May 3, 2017

Effective Date July 1, 2017

Updated Date

September 29, 2017

Executive Sponsor(s)

Vice President for Information Technology & CIO

Responsible Office(s)

Office of the CIO

Revision

The University reserves the right to change this policy from time to time. Proposed changes will normally be developed by those responsible for the policy with appropriate stakeholders. The approval entities have sole authority to approve changes to this policy.