By Isabella Cano, Mar. 16, 2021
‘Sign in, check Duo, repeat’ has become a daily routine for many in the Cal Poly Pomona community since the two-step security authentication app was announced as a campus-wide requirement for all CPP logins by April 8.
Implemented as a protective cyber security measure by the California State University system, the policy requires students, faculty and staff to enroll in the Duo service on a secondary device in order to approve a push notification or receive a code following every login attempt to a personal CPP account. While many in the campus community have already grown accustomed to using Duo on a regular basis, others have struggled to adjust.
Kylan Parayao, a third year computer science student, believes the mandate serves as a valuable learning experience, despite imperfections in its execution by CPP administration.
“It’s a sound choice and it’s a means of preparing us students for future workplaces because I have a feeling two-step authentication is going to be widespread across workplaces as we become more digitized,” said Parayao. “I think overall the main problem we are having here is that there isn’t much transparency. The way they are marketing it out is very aggressive and I don’t think this message was well delivered to the student body.”
According to the FBI’s 2019 Internet Crime Report, one of the most frequent crimes reported in the United States throughout the year was phishing. With over $57 million lost by victims of phishing, California currently holds the highest concentration of internet crime in the country. As scam emails have become commonplace at CPP in recent years, some students have found some solace in the new system and the security it provides their personal information.
However, other students, including Tricia Parker, a first year archaeology student, continue to strongly disapprove of the policy and hope for its eventual erasure or replacement. Rated two stars out of five on the Apple App Store, Duo appears to be an unpopular choice for security authentication both on and off campus.
“It seemed like even if I had checked the 14-hour ‘Remember Me’ box, it would still ask me to use Duo every single time I logged in,” said Parker. “The other option was to have it call a landline and I live in a house with other people and I can’t be calling a landline every time I need to access homework or a lecture. I wouldn’t mind just getting an email, but this app doesn’t offer that.”
Aside from the inconvenience of manually approving a login every few hours, students have begun to identify concerns the Duo service presents to low-income students.
“Have you ever logged into a website and they send you a text to your phone? Why couldn’t they have done that?” said Claudio Velasquez, an aerospace engineering transfer student. “I tried doing the callback number method and it never allowed me to log in, so I started thinking, ‘What about low-income people that don’t have another phone or a tablet?’ Should students ever lose their primary phone, they can usually have a backup device to login and be able to take that test on Blackboard. Well, those lower income people aren’t going to have a second device and if they only have one, they’re screwed.”
A Pew Research Center study from March 2019 analyzed college student income data from 1996 to 2016 and discovered that a rising number of independent students live within the poverty bracket. This is evident by the 11% increase in poverty among students who attend public and private non-profit universities.
As underprivileged students may not have access to the same resources as higher income families, the implications of multifactor authentication services like Duo may exacerbate these disadvantages in the era of the COVID-19 pandemic.
“It’s just not convenient and it can cost you your grade and your peace of mind in some situations especially if you’re an international student or you work for the government or even if you live in a women’s home or rehab where you can’t have a phone,” said Parker.
In light of these concerns, a portion of students have taken matters into their own hands. As an alternative option to the Duo app, its callback feature and passcode feature, some have requested a free hardware token, a small keychain sized device that acts as a substitute for the extra tablet or phone needed to confirm account logins.
“I mean yeah, I don’t have to download the app anymore, but now I’m going to have to carry this hardware token around with me all the time,” said Velasquez after opting out of the typical notification methods offered by Duo.
Students can now submit a request for a hardware token to the CPP IT department on the two-step authentication CPP webpage.
Feature image Georgia Valdes | The Poly Post
