DUO, either you love it or hate it

Alex Huerta/The JTAC

Kylan Mills uses the DUO app on her phone to log into Canvas on her computer.

Since Feb. 4, Tarleton faculty, staff, and students have been required to use the multifactor authentication software, DUO, to access campus systems such as Canvas, myGateway, Tarleton State Library Resource Databases, Banner, CampusLogic, Turning Technologies, and Syncplicity. The use of DUO is required to comply with Texas A&M System Regulation 29.01.03 and to enhance security of information technology (IT) resources and infrastructure.

DUO is a specific type of multi-factor authentication that strengthens access security by requiring two methods of identity verification. These factors can include something you know; like a username and password, plus something you have; like a smartphone app. Two-factor authentication protects against phishing, social engineering, and password brute force attacks, which in turn secures your logins from attackers exploiting any weak or stolen credentials.

Although Tarleton faculty and staff began using DUO last semester, it is new to students. There have been many signs of frustration with the new change. I concede, it does make our information safer and there are many ways to become exposed on the internet. However, needing my phone to simply log into Canvas and check the due date of an assignment or to look up a source in the Library Database is a bit obnoxious.

Not only do I find it a hassle, but it can also impede on the classroom setting. I have teachers who prefer to never have my phone out in class, but also require me to use Canvas during class, thus leading to a frustrating contradiction. Something that used to be so simple now creates problems with my professors.

A major downfall to two-factor authentications is the reliance on the authentication device (smart phone) always being available to the user. Every normal teenager or twenty something person I know has lost or misplaced their phone at some point. Additionally, at least one person in every friend group I know has had their phone stolen or broken.

What happens with your two-factor authentication method then? If your phone is lost, stolen, or broken, it is impossible to get into these necessary school applications that require two-factor authentication. A
college employee or student rarely spends an entire day without using any of the applications that they usually utilize daily.

These are problems that Tarleton has yet to address. Surely there is a recovery mechanism, but that is likely to take you back to square one of resetting an account and a two-factor authentication device.

Using DUO two-factor authentication each of the hundred times I log into Canvas or myGateway in a day is not practical, and let me just tell you, the “remember me for two weeks”, button does not always work. As a student, I am much less concerned with security than I am with convenience.

I understand the need for security with university employees accounts, but many students can attest that DUO two-factor authentication is not something they value, and most find it to be a nuisance.