Multifactor Authentication Begins Protecting BuckeyeBox on December 19

UPDATE: 12/2020 - BuckeyeBox will be retiring in 2021. We recommending using Microsoft Teams and/or OneDrive for Business for collaboration and storage.

Beginning Tuesday, December 19, we are adding BuckeyePass multi-factor authentication to BuckeyeBox. This change does not affect BuckeyeBox functionality; it will work the same as it always has.

Most importantly, since BuckeyeBox is a collaboration tool, you may be concerned about how this will affect your ability to collaborate with individuals outside of the university. This change will NOT affect your ability to share files in folders. In fact, collaborators outside of the university will notice no change and will be completely unaware that we have implemented BuckeyePass. It's value of this security measure is in protecting your information if your password is stolen or cracked by cybercriminals.

What does BuckeyePass do?

BuckeyePass increases security significantly by requiring not only a password and username, but also a second method of authentication that users control. Therefore, if cybercriminals gain access to a user name and password, they still will be unable to breach the user’s account.

What is the benefit for BuckeyeBox?

This change will allow you to use BuckeyeBox for files that contain some Institutional Data classified as “S4”. As we allow more sensitive data to be stored in BuckeyeBox, it is important to be aware of what data you have stored in files you are sharing. Here are some helpful resources to understand the types of information you can share:

• What is S4 Data? This Institutional Data Classification Assignments document outlines S4 data as well as the other institutional data classifications
   
• What types of data can be stored on BuckeyeBox? Knowledge Base Article 3833 lists the data types you are permitted to store on BuckeyeBox. If you are unsure of whether a specific type of data is permitted, please check with your IT department for guidance.
   
• What’s the difference between “sharing” and “collaborating?” The Box.com Knowledge base provides articles with good explanations of the difference between sharing a file and giving other users access as collaborators

What information CANNOT be stored on BuckeyeBox?

There will be exceptions to what types of S4 data can be stored there. Do not store data on BuckeyeBox that is classified as:

• Health Insurance Portability and Accountability Act (HIPAA)
• International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR)
• Controlled Unclassified Information (CUI)
• Payment Card Industry (PCI)

Knowledge Base Article 3833 outlines what is and is not permitted, but if you are unsure of whether data is permitted, please check with Enterprise Security for verification.

What do you need to do?

If you have already signed up for BuckeyePass, you do not need to register again. The process for logging in is the same that they already used for Employee Self Service and/or Buckeye Link systems. If you are yet to sign up, go to BuckeyePass website - the process is easy and only takes a few minutes.

If you happen to be logged in when BuckeyePass is implemented, you will not be required to log out and log back in. You will use multifactor authentication the next time you log in.

If you need additional information or help please reference https://buckeyepass.osu.edu, email buckeypass@osu.edu or call 614-688-4357 (HELP).