Swarms of students have been heard letting out wails of despair since Dec. 16, 2016, after enrolling in the new Notre Dame online security system, the two-step login. The more experienced and perceptive knew better, waiting until Feb. 7 before committing themselves to a world sheltered from cyber malice.
With the new security feature, the Office of Information Technologies (OIT) requires all ND web users to enroll a device of his or her choice — a cell phone, desk phone or tablet — by installing the Duo Mobile app. Students who prefer otherwise can also use landlines and key fobs. Once enrolled, the user must approve of the login attempt on the enabled device by accepting a notification or by responding to a call. There is no opting out once registered.
With this system, one’s professional and personal information is secured from phishing scams and malware beyond a mere password and netID combination. For most applications, the user can simply remember the device for 30 days before being prompted for the second login step.
Most Notre Dame students constantly check their emails and access different software through InsideND. The balance between convenience and safety can be hard to reach. For many, the two-step login seems to bring more inconvenience than security.
“It ruined my life. I went to work and my phone was dead,” freshman Abigail George says, “and I had to email stuff to my boss, but I couldn’t because of two-step login.” When speaking about the enhanced security measure, some can be extremely emotional.
For others, it’s an issue of understanding the purpose. As sophomore Vivienne Xiao says, “It’s not overly troublesome; however, I feel like it’s pretty dumb.” A similar view is echoed by freshman Maria Amenabar, who says, “I’m already running out of storage on my phone and this is just taking up space without doing any good.”
What brought about the sudden change? According to Ronald D. Kraemer, vice president for information technology since 2010 and chief information and digital officer since 2013, there was not “a specific event at Notre Dame that triggered our decision to implement two-step login, but there were numerous events at other universities and organizations.” In fact, “the program was piloted for almost a year before fully including the faculty and students,” making it a long and well thought out endeavor.
Kraemer also points out that, “About 63% of confirmed data breaches involved weak, default or stolen passwords,” according to the Verizon 2016 Data Breach Investigations Report.
Many big firms today are employing similar authentication systems. In the real world, security is a real concern, and any information leak can result in the dismissal of the employee held responsible. According to OIT, security experts also recommend users of Facebook, Uber, Amazon, Spotify and other such websites to activate the two-step login function should they have valuable information they want to protect.
Like Notre Dame, other academic institutions have made similar changes in their security system. Indiana University requires two-step login for staff, student employees and retirees. Students are welcome to opt in if they would like, but the university does not require enrollment. At Boston College, two-step verification is only required for certain functions, such as “PeopleSoft Financials” and changes to passwords or security questions. At Harvard, everyone is required to enroll in two-step verification for all the university resources.
The extent to which students are required to employ two-step login will always be a question of controversy. After all, some value their privacy and information more seriously than others. It might be difficult for some to appreciate the security feature unless they personally fall victim to cyberattack. Until then, Notre Dame students must find peace with living in a world filled with a constant rush for cell phones.