Editorial: University's use of Duo is a cumbersome attempt at security
Recently, Brandeis launched Duo Security's two-factor authentication system as a means of protecting students and their personally identifiable information, according to a Nov. 6, 2018 article in the Justice. This new security measure is a required part of the transition to Workday, the new human resources software that the University is currently adopting, per a Nov. 20, 2018, Justice article. Student employees are the first students required to enroll in Duo, with many students being required to enroll by March 7. After logging into a Brandeis website, students must confirm that log-in through a push notification, text or phone call, a step added by Duo. T. While this is a commendable first step to improve cybersecurity, the decision to implement such software has several oversights, and this two-factor system might not be accessible to all students.
One of the first assumptions Duo makes is that all students have access to a smart phone or some other kind of device. Some people might rely on library computers and without the needed secondary devices, students are essentially blocked from SAGE and Latte as well as their emails and documents on Google Drive. ITS states that those who do not have access to a cell phone should contact the Help Desk for other options, but this does not address the stigma that students may feel around not having a phone. It also does not clarify what students should do if their phones die or break, something which is difficult to predict.
Although there is an option to save the login credentials for 30 days, it is not recommended by Duo. While re-authentication is promoted with the students’ best interests in mind, it is inconvenient to always need multiple devices.
While Duo adds an additional layer of protection to students’ information through their University accounts, its flaws must be addressed. This board encourages the University to reevaluate this software before making it mandatory for the entire University.