Starting Mon., Feb.5, a new window will appear for those trying to log into the email stating, “your domain will soon enforce 2-step verification to ensure better account security.” This means that very soon all John Carroll gmail accounts will be subject to two-step or dual authentication, similar to the system that currently exists for JCU Banner and Canvas accounts. While students may enable this security measure on their accounts now, the feature will become active for all accounts on JCU’s ledger come Mar. 19, 2024.
John Carroll’s Chief Information Officer Jim Burke told The Carroll News that this decision is based on The Gramm-Leach-Biley Act, which “requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.” Because John Carroll gives financial aid, this means that the university falls under the same categories as a traditional bank would including cybersecurity mandates like this.
“We have avoided turning this on, mostly because it is an extra step,” Burke explained. “We don’t want to put any barriers where we don’t have to. The government released new guidelines this past summer and basically, we’ve got to turn on the two factor [authentication] for everybody.”
The GBLA’s main focus is to make sure that private information is kept safe and secure from malicious actors. Not only does it safeguard sensitive financial data, it keeps any other personal pieces of knowledge guarded behind multiple layers of virtual protection.
“Throughout our discussions, numerous committee members expressed strong support for transitioning to 2SV for Google accounts, highlighting the added security layer it brings to student email accounts,” Chetan Kapoor, chair of the academic technology subcommittee at John Carroll, told The Carroll News. “Despite initial concerns about the learning curve, the committee firmly believes that the benefits, in terms of heightened security, outweigh any temporary inconvenience. Notably, after the initial setup, Google only requests second-step verification when accessed from a different machine or location, minimizing the impact on user experience.”
As Kapoor illustrated, many of the worries that students have regarding dual factor authentication do not seem to be an issue for gmail users because “if you routinely use the same devices, you will rarely be prompted for the second step.” This is because Google deploys technology that helps devices “remember” their users better. Therefore, once users set up their account in this manner and, if they continuously access their gmail on the same devices, they will not be impacted by this change very often.
“Google is much more elegant, because they know more about you,” Burke said. “They have all those data points. If we could have pushed everything over to Google, we probably would have done that. It really is more elegant… but the financial systems don’t connect to Google.”
This appears to be the primary concern for most students dealing with other programs that use two-step verification currently as it is a hassle to reconfirm your identity at least once a week regardless of the device. Burke thinks some students won’t even notice the change.
“If you do it once and it remembers your device, it’s fine,” Stephen Claybaker ‘24, a past worker in the ITS department at JCU, told The Carroll News. “It’ll be a mild annoyance once and you’ll completely forget about it.”
For students who may struggle setting up two-step verification, they are encouraged to reach out to the ITS support team by calling 216-397-3005 or by putting in a support ticket online.