Duo Two-Factor Authentication: A Question of Accessibility, Not Security

BY AMANDA TRAUTMANN

The other day I was in Slayter before a class and I realized I had forgotten to print the reading from Notebowl. This class was one where the professor insisted you have a hard copy of the text in class. Luckily, a friend of mine happened to have their laptop handy. I went to login to my account, but it stopped me at the login. It was sending a DUO Push notification to my phone for me to confirm the login.

I went to grab my phone and then realized it had died a few moments ago. I was stuck with no way to get into my account, and therefore had to show up to class without last night’s reading. While I’ll admit it’s my fault I didn’t have the reading already printed, it raises an issue about Denison’s newest security enhancement.

Over the last year Denison has suspended 28 Denison student and Alumni accounts because of reported suspicious activity. As a result, the school has decided to take some steps to increase digital security. One step was to make cybersecurity awareness training available to all students.

The second, and more controversial step, was to implement the Duo Two-Factor Authentication feature for myDenison logins. This feature requires secondary authentication when logging in using your BigRedID and password, including logging into Notebowl. Most commonly this can be achieved by downloading the DUO app and having a “push” sent to your phone each time you login, so that you can either approve or deny the login.

Another option is entering a code the app provides and refreshes regularly. A third option is available for those who don’t wish to download the app where your provided phone number will be called and then in order to approve the login you must type any number on the keypad.  

There are a some smaller issues with this new system. The most obvious being that checking your phone each time you need to view your information is tedious and at best annoying. It has also made it more difficult for campus organizations to share email information with other members.

A more serious concern is what happens to students who don’t want or can’t afford a smartphone? This particular system assumes that everyone on campus has access to the same type of technology and wishes to participate in the most up to date programming. While most of us are in keeping with the more updated technology, it’s unfair to force people who aren’t to use that in order to access essential information.

Denison awards nearly $66 million dollars of financial aid each year. Surely, with that much aid being given out the school can’t assume that every student will be able to afford the cost of a phone bill and several hundred dollar smartphone. I just had to buy a new phone last week after I took my phone in the shower to listen to ABBA and got water all over it. That put me back a solid $700.  

I’m in full support of adding another layer of protection to keep student information private. Our myDenison accounts are home to some of our most essential information both personal and academic. God knows I would not want anyone getting ahold of my  It’s essential that this kind of content not be compromised. However, I can’t help but wonder if there isn’t a more effective way to do so that would be easily accessible for all students.