DUO is unpopular in the USD Community

USD students question the need for new security protocol

SALENA CHACON / ASST NEWS EDITOR / THE USD VISTA

Simulated phishing emails aren’t the only thing ensuring USD students’ cyber security this semester. New this year, USD requires multi-factor authentication (MFA) using the app DUO as an additional way to protect student’s information. Students are required to confirm their identity through a second device when logging in to USD systems, such as email, MySanDiego Portal and Blackboard. 

Many students are not happy about this new system. 

USD first-year  Jordene Garcia expressed that the authentications are tedious, especially during a presentation in class. 

“When we have to hook up our laptops to present in class and then I get the DUO push, I have to go back and grab my phone,” Garcia said.

A password and ID are no longer sufficient to ensure safety against hackers and phishers. MFA was implemented because of an increase in cyber security incidents, according to Information Technology Services (ITS). Specific incidents were not given by the ITS website.  

Hackers are becoming alarmingly adept at compromising passwords, especially since many people use only a few different passwords across many accounts. Information is extremely vulnerable when it’s   only  password  protected, and MFA ensures that USD accounts are secure on a level that’s harder for hackers to compromise, according to ITS.

USD is not the only school to reinforce their cyber security. Schools similar in profile to USD, such as Santa Clara University and Pepperdine, both use a two-factor authentication method powered by DUO to confirm identity. 

In an email announcing the program to students, ITS wrote, “this technology has become the standard at most companies/universities and is also required by cyber security insurance providers.”

USD junior Christopher Schafer works at the ITS office, and complications with DUO have overwhelmed him at his job. 

“I started this fall, and it’s definitely had an impact on our job. One of the bigger issues we have is getting people logged back in, because if you log in three times and it doesn’t work, then it kicks you out,” Schafer explained. “Relogging people back in is definitely a big part of my job and a big percentage of the calls we get.” 

Schafer also mentioned that getting logged out of accounts happens to both professors and students, but the issues are becoming less frequent as the semester progresses. 

“It’s gotten a lot better since it rolled out at first, because people have kind of figured it out,” Schafer said. “But it definitely happens when people change phones or when they lose their phones or different specialty cases like that.”

three boys looking at computer
Students need to use the app DUO to confirm their identity through a second device when logging in to USD platforms.
Photo courtesy of https://www.sandiego.edu/its/support/labs/

Students and faculty getting logged out of their accounts is not the only issue with the system. Garcia noted that certain features don’t work on her account.

“I know sometimes they say you should click the thing that says ‘remember me’ but it won’t let me press it, so I have to get my phone out each time,” Garcia said.

Similarly, USD sophomore Max Kobs identified problems with the system.

“It’s kind of annoying because I feel like it would be a lot better if, when you selected ‘save for seven days,’ that actually worked all the time. That would be nice,” Kobs expressed. 

While increased security is frustrating to many students, privacy is crucial as hackers become more prevalent. Many schools in Southern California, such as the Los Angeles Unified School District, are experiencing threats to their cyber security. Although no reason was explicitly cited for enforcing MFA at USD, these threats could be the reason why security has heightened. 

The Los Angeles Times covered these incidents, reporting that “Hackers this year have attacked at least 27 U.S. school districts and 28 colleges,” according to cybersecurity expert Brett Callow, threat analyst for the digital security firm Emsisoft. “At least 36 of those organizations had data stolen and released online and at least two districts and one college paid the attackers,” Callow said.

October is Cyber Security Month, and ITS has many resources on their website for students to learn more about protecting themselves from cyber security threats. These resources include phishing, spam, identity theft information, virus and malware protection and multi-step training to better understand how to protect yourself online.