Students weigh pros, cons of Duo 2FA

By Aarushi Aggrwal, Staff Writer

You put your phone on the charger, tuck yourself in your warm bed and decide to work on this one last assignment. You try to log in to Canvas, enter your credentials, hoping to see the cascading list of tasks. Instead, the word “DUO” appears, and you roll your eyes — it’s the Duo two-factor authentication notification again.

Duo 2FA is a process wherein the identity of a user is verified through two distinct means, usually a password and a one-time code sent via MMS. 2FA is employed in order to provide an extra check when granting users access to their account information or private data.

The University recently implemented mandatory 2FA, requiring all students to use it to log in to their University of Illinois accounts. Opinions on the matter are mixed.

Courtney Hau, freshman in ACES, said she finds the change “annoying,” and that she, like many other students, thinks that 2FA is a little inconvenient.

“I find myself not checking my email at all because I know I’m going to have to go through Duo again,” Hau said. “I would assume that they’ve introduced it for safety reasons, but it’s just annoying.”

Shashwat Mundra, freshman in Engineering, said he is a strong advocate of 2FA.

“Passwords today can be easily cracked, stolen or even guessed,” Mundra said. “Duo just sends you a notification, and it takes two clicks to verify your identity. It is a small step that goes a long way in protecting my sensitive data.”

While assignments and exam information may not seem confidential or top secret, there’s much more information linked to students’ University accounts.

Jeremy Watson, manager of identity and access management at the Technology Services at Illinois, explained in an email why it was necessary to add an additional level of security for students.

“2FA has been a requirement for undergraduates who receive financial aid,” Watson said. “It is an added security measure because direct deposit information related to their account is part of the process. We noticed an increase in phishing campaigns targeting students recently. Many of those phishing campaigns via Outlook email were successful, and the students’ compromised accounts were used to gain access to university resources.”

Students’ payments, insurance, registrations and all other University affairs are packed into their University accounts. Because of this, one compromised account may also be used to compromise several other accounts.

Yani Bucio, senior in Gies, said she thinks that a lot of students are less aware of the reasons why 2FA has been introduced.

“It’s definitely been annoying considering I have to take out my phone, get the text message, type it in and then get on with my work, which is kind of a hassle when I want to do something really fast,” Bucio said. “But it’s increased security, which is a very real issue today, so I understand the importance of it.”

Watson also spoke about the future of 2FA.

“It has become commonplace for 2FA to be used when accessing our bank via phone or computer,” Watson said. “Universities have been adopting 2FA solutions for many years now. We hope to get as many University of Illinois services behind a single login page. In theory, the beauty of getting to that point, if you are authenticating through our page, you’ll only be prompted for Duo once per device/per browser.”

2FA is beginning to become an essential level of security in today’s cyber-powered age. Even students who find it a nuisance know its importance. Love it or hate it, 2FA is here to stay.

 

[email protected]