Campus-wide CalNet 2-Step Verification Requirement

January 22, 2018

Dear campus faculty and staff,

We are writing to you today to inform you about a new mandatory security measure we are rolling out across campus called two-step verification. As one of the nation’s top ranked public universities, our research, intellectual property, and institutional data are extremely valuable and attractive to state sponsored and other cyber criminals. The use of stolen CalNet account usernames and passphrases represents a serious, ongoing threat to the security of campus systems and data. In response to a dramatic rise in the scope, frequency, and sophistication of phishing, spear phishing, malware, and other cyber attacks launched against universities, we have joined our peer institutions in providing two-step verification technology to protect all faculty and staff CalNet accounts.

What is two-step verification? 

Two-step verification (also known as 2-Factor Authentication) is an extra layer of security designed to ensure you are the only person who can access your CalNet account, even if your CalNet passphrase is stolen. Because we use our CalNet accounts to perform many functions, from logging into email or accessing online storage to setting up direct deposit, two-step verification not only protects institutional data but your personal financial information as well.

This technology is increasingly being deployed across all industries, so you may already be using two-step verification to access your financial, medical, or federal government information.  A common example would be a verification code texted to your cell phone when you try to log on, which you then have to enter before access is granted.

Many leading universities have already deployed two-step verification, including Stanford, Harvard, and UCLA.  

How does this impact me?

Between February and April 16, 2018, we are rolling out the two-step verification requirement for faculty and staff accounts using a cohort enrollment model. Note that students who are also employees are included in this phase of the rollout. See the timeline chart below for high level implementation dates, and click on one of the Cohort links to see which group you fall into.

Enrollment Information

Two-step verification is already available for faculty and staff, and we encourage you to enroll before it becomes mandatory for your cohort. This ensures you can do so at your convenience and avoid interruption of access to two-step protected services including bMail, bDrive, bCourses, BearBuy, CalCentral, and others. To enroll, go to For self-enrollment instructions, visit

You may also email for enrollment support options, or visit the project site at for more information about the project.

Each member of the Berkeley community has a part to play in protecting our online environment. Enrolling in two-step at your earliest convenience will reduce risk both to the University community and to you. We greatly appreciate your support as we implement this important additional protection.



Estimated Date

Campus-wide outreach campaign launched

January 15, 2018

Kickoff enrollment for Cohort 1

February 15, 2018

Require Cohort 1 to use 2-Step

March 15, 2018

Kickoff enrollment for Cohort 2

March 16, 2018

Require Cohort 2 to use 2-Step

April 16, 2018



Carol Christ

A. Paul Alivisatos
Executive Vice Chancellor and Provost

Marc Fisher
Vice Chancellor Administration

Professor Lisa Alvarez-Cohen
Chair, Academic Senate 

Professor Anthony D. Joseph
Cyber Risk Responsible Executive

Larry Conrad
Associate Vice Chancellor for IT and CIO