July 2016

Why do I Need Two-Step Verification?

This article describes the purpose of two-step verification at Harvard. For information on activating, configuring, and using two-step, visit the official HUIT page, http://huit.harvard.edu/twostep.

What is it?

Two-step verification is a security feature that allows you to approve account access using your mobile phone or other device. For HarvardKey, this feature is provided by Duo. When someone attempts to use your HarvardKey from a new device, you will be prompted to approve the login. Without Read more about Why do I Need Two-Step Verification?

LastPass Security Update

What Happened?

LastPass has been in the news recently after the disclosure of two vulnerabilities in the LastPass browser plugin. At this time, both vulnerabilities have been fixed. The first was disclosed and addressed a year ago. The second was disclosed and patched two days ago (July 26).

The more recent vulnerability potentially allowed an attacker to harvest passwords from LastPass users who visited a malicious website while using a FireFox browser and provided passwords to that site, directly or through LastPass’s form fill or auto login functionality Read more about LastPass Security Update