Enhanced Cybersecurity Campaign

The security team is rolling out a comprehensive set of initiatives that will significantly improve the cybersecurity of UCSF’s data, networks, and computer systems. These actions are in direct response to increasing global threats to UCSF systems, including a dramatic rise in phishing attacks. We are taking these steps to protect our data and IT systems and to prevent a data breach. Our dedicated IT teams will be implementing these important changes, many of which will be transparent to our UCSF community. Please continue to check this page for updates or read our Security 2.0 FAQ.

What’s next?

June 2018
Password Campaign: Required password changes for UCSF network (Active Directory/email) logins begin and continue throughout 2018. Learn about the password change project and new password management tools.

Summer 2018
Phishing campaign continues.
Duo two-factor authentication for Connect Portal (

  • Starting 8/15: If your APeX login (UCSFMC account) is already enrolled in Duo, you will be prompted to use Duo when you sign into Connect Portal.
  • From 8/22–9/7: If you are new to Duo, or use Duo with your “Campus” or “SOM” account, you will need to enroll your APeX login (your “UCSFMC” account) with Duo. During this period, you will be prompted to complete your Duo enrollment when you login to Connect Portal. When you get the prompts, follow these instructions to finish enrolling: Duo Enrollment on Connect Portal.
  • Starting 9/11: All access to Connect Portal, on or off the UCSF network, will require Duo.

Other Projects
Network Access Control (NAC)
Centralized Logging and Monitoring
Server and Workstation Security Controls


What we’ve accomplished

Spring 2018: Phishing Campaign, Phase 2

December 2017: Duo two-factor authentication for Pulse VPN and Outlook Web Access.  For more information:

Duo Two-factor Authentication      Duo Two-factor Authentication FAQs

Report a Security Incident