Case Study: University of British Columbia achieves up to 95% reduction in compromised credentials and campus-wide multi-factor authentication with Duo Security

The University of British Columbia deployed Duo and enrolled over 40,000 users in less than a year

The University of British Columbia, a top‑ranked research university with over 65,000 students and nearly 20,000 staff, faced increasing, sophisticated phishing attacks and needed a comprehensive multi‑factor authentication (MFA) solution that would work across cloud and on‑premises apps, support modern and legacy protocols, meet regulatory controls (PCI‑DSS, HIPAA), and enforce adaptive access based on role, device and context.

UBC deployed Duo in a phased rollout, enrolling over 40,000 users in a year using Duo’s authentication proxy (LDAP/RADIUS) in HA and a custom synchronizer to automate user/group lifecycle and staged onboarding. Departmental delegation, adaptive policies (device checks, screen‑lock enforcement, varied auth methods, “Remember Me”), and integrations with Shibboleth/CAS delivered a smooth rollout with minimal helpdesk impact — and a measured drop in the use of compromised credentials of up to 95%.

The University of British Columbia

Mark Schooley

Senior Director, IT Operations & Engineering