Some students voice annoyance with new cybersecurity app; experts disagree

By Amina Sergazina, Staff Reporter

Ryan Brumback

Cybersecurity has been an increasing issue for colleges across the country and Columbia is no exception. In the past year, the college has endured a ransomware attack, multiple incidents of phishing emails with fake job offers and Zoom bombings, when an uninvited person disrupts a Zoom class.

On May 17, the college implemented Duo, a two-factor authentication system to strengthen Columbia’s cybersecurity.

Although cybersecurity experts have endorsed multi-authentication programs such as Duo, some students have voiced their irritation with the program.

“I felt annoyed by it, I keep having to confirm it by push [notification] or the passcode [and] the passcode changes every time,” said Chante Tucker, a junior photography major. “Maybe they should go back to the way it was before or for the extra security, we can create our own passcode.”

Duo is used to sign in to Canvas, Office365 and the student portal using a smart device by tapping a button or using a code. Students who do not have smart devices can request a Duo token that will generate a code for them.

On its website, Duo identifies two-factor identification as “the simplest, most effective way to make sure users really are who they say they are.”

Adam Everspaugh, a cryptographer at Coinbase, a cryptocurrency exchange platform, said using Duo is the easiest way to solve common security problems like bad passwords and site break-ins. Everspaugh said using Duo at Coinbase helps him protect $200 billion worth of cryptocurrency.

“[Duo] is probably the single most important thing a technology department can do to enhance security,” Everspaugh said. “Whoever in Columbia College selected Duo is probably doing the most important thing that [they] can do to improve cybersecurity.”

But Gabrielle Pelayo, a sophomore creative writing and acting major, worries about sharing her personal information with Duo and wonders how students will access their accounts if the app crashes.

“[Duo] is easy and quick but it’s, I don’t want to say unnecessary, but it takes up the seconds that you could be using to work. Just grabbing another device is not really efficient,” Pelayo said.

Kathie Koch, associate vice president and chief information officer, said multi-factor authentication programs like Duo are standard practice in everyday life. She also suggests students who feel distracted by their phones to use other devices such as smartwatches.

“To protect our identities and to protect our data at the college, we decided to move towards multi-factor authentication,” Koch said. “It’s really for our users’ protection, to keep their data safe.”

In June 2020, the Chronicle reported that a group of data hackers known as NetWalker had targeted Columbia along with Michigan State University and the University of California, San Francisco. In an abundance of caution, the college advised members of the campus community to “monitor their financial accounts and other sensitive information.”

Duo Mobile has a two-star rating on the Apple App Store. Reading the corresponding reviews written by students from other schools that use Duo concerned Estefany Turcios, a senior film major, when downloading it, as many detail negative experiences, which contribute to the low rating.

Koch suggested students read the Duo FAQ or email with specific questions.

“It’s really important we protect ourselves,” Koch said. “Duo is helping the college users protect themselves from anyone that’s trying to phish, or anybody trying to steal their information, or get into their email.”