See below for highlights of the IAM security initiatives for calendar year 2026 (last updated 4/30/26). All IAM initiatives are available on the IAM program dashboard.
| Date | Project/Enhancement | Description |
|---|---|---|
| 1/27/26 Complete | Two-Step Security Enhancements - System Configuration | Enable Instant Restore, adjust callback keys, passcode expirations, etc. |
| 3/31/26 Complete | Duo Discontinues Older App Support | Duo requires a minimum Duo Mobile app version of 4.85 or greater |
| 4/15/26 Complete | Duo Discontinues Older Mobile OS Support | Duo ends support for older mobile operating systems, including iOS 16 and Android 11. |
| 6/2/26 | MFA Requirement for Research (RES) Affiliation | All research personnel required to use Two-Step to access PennKey-protected resources |
| Spring-Summer 2026 | Phishing-Resistant MFA Best Practices | Info-sharing, procedures, and strategies for adopting phishing-resistant MFA |
| Spring-Summer 2026 | Passwordless Limited Pilot | Internal ISC pilot to refine passwordless strategy for WebLogin SSO |
| Planning | Two-Step Security Enhancements - Discontinue Least Secure Methods | Discontinue least secure Two-Step Verification/Duo methods - HOTP, SMS, Phone |
| Planning | SSO for High-Risk Apps | Increase adoption of WebLogin SSO for apps that present higher risk if compromised |
| Planning | Front Door Auth for High-Risk Apps | Increase adoption of Front Door Authorization for apps that present higher risk if compromised |