More Secure Access

More Secure Access Logo: Bee in a shield with text "More Secure Access"

In 2024, ISO began enrolling individuals with access to Yale’s High Risk data in the More Secure Access initiative to address the increasing frequency of high-quality phishing attacks and the widespread use of generative artificial intelligence.

More Secure Access is a heightened security posture to better protect Yale’s High Risk data and the individuals with access to that data. This is achieved by:

  1. Ensuring the security and health of the laptops and desktops used to access Yale’s single sign-on (SSO) protected applications.
  2. Enabling the strongest available form of multifactor authentication (MFA) for NetID accounts with access to the data.


Together these efforts serve to strengthen Yale's cyber defenses against the ever-increasing frequency and sophistication of targeted phishing attacks.

How does More Secure Access work?

The two components of protecting Yale’s sensitive data through More Secure Access are:

 

More Secure Access: Device Security icon (icon of a computer with a lock, shield, and checkmark)

A secure device

Any laptop or desktop used to access Yale’s SSO protected applications is required to run Duo Desktop which must report the system as healthy. This program runs in the background on your device and only reports on whether the following components of Yale’s Minimum Security Standards (MSS) are met. It does NOT have access to any user data or activities.

  • A system password is set.
  • A current and supported operating system version is installed.
  • Full disk encryption is enabled.
  • CrowdStrike security agent is installed and running.

 

More Secure Access: Login icon (computer with Yale "Y", hardware key, and smartphone displaying a QR code)

A secure login

The NetIDs of individuals with access to High Risk data must use either a hardware security key (passkey) and PIN or a QR code-based passkey on a mobile device to complete multifactor authentication (MFA).  Enrollment in MFA passkey authentication replaces previous MFA methods (push notifications, phone calls, and text messages).

 

These methods make your account more secure by ensuring only you can access it. To log in, you need to be physically present at the device being used which adds an extra layer of protection to your NetID.

Who is enrolled in More Secure Access?

Enrollment efforts for More Secure Access are currently aimed at departments with access to Yale High Risk data. At the outset, we are targeting departments with access to financial or regulated data.

If you are being asked to enroll in More Secure Access, you will be contacted by your departmental leadership.

As efforts continue, more users with access to confidential Yale data will be moved to this heightened security posture.


What if I am not enrolled in More Secure Access?

If you are not enrolled in More Secure Access, continue to use your current form of MFA, Duo Everywhere. For more information, visit Use Yale’s Multifactor Authentication (MFA) Service.

How to learn more about More Secure Access?

For more information, please contact the Identity and Access Management team.