Monday, June 15, 2015 - 15:43

On June 15, LastPass disclosed the discovery of a security incident on their internal network. According to LastPass, no evidence was found that indicated the encrypted user vaults of passwords had been accessed. However, user emails and password hints were compromised. As a precaution, LastPass is requiring that all users who are logging in from a new device or IP address first verify their account by email, unless they have multi-factor authentication enabled.


In addition, the Duke security offices are recommending that Duke users update their master password and password hints as soon as possible and enable multi-factor authentication on their LastPass account. Users with a LastPass Premium account from Duke can link it with Duke's multi-factor authentication service via the Duo Mobile app.


Expect to receive an email with further details from LastPass, but as always, be on alert for fraudulent emails directed at you designed to take advantage of the incident.  


If you have any further questions, please contact

Tuesday, May 12, 2015 - 10:04

How do you remember 1,000 passwords? Richard Biever, the university's chief information security officer, talks about how to do it on WRAL's "5 on Your Side."

Monday, April 27, 2015 - 09:08

The newest update to Adobe Reader (Adobe Acrobat Reader DC) offers a free upgrade to Adobe’s cloud solution, which allows users to access their PDFs on any device. But should you use it?


Many of our business documents contain sensitive electronic information that should not be sent to cloud providers. Duke employees should be particularly careful with systems offering device syncing to make sure cloud sharing is allowed. Staff should familiarize themselves with the Duke data classification standard and only sync documents classified Public. Contact the IT Security Office at with questions.