DUO multi-factor authentication becomes mandatory

DUO multi-factor authentication became mandatory for all students, faculty and staff on Feb. 19. The program requires participants to use a second way of authenticating their identity in addition to their password. Options are a smartphone app, keychain fob, landline, or tablet. Calvin Information Technology began the rollout of the DUO security in the fall of 2019 in order to combat phishing attacks. Until Feb. 19, enrollment was voluntary. 

Adam Vedra, associate Chief Information Officer of CIT talked about how the implementation of DUO has gone. As of Feb. 19, 75% of the university population had voluntary enrolled, while 25% had not. He noted that most of the 25% of holdouts were students, not faculty or staff. Those not yet enrolled in DUO will have to register in the upcoming days in order to regain access to their Calvin accounts.

According to Vedra, the rollout process went smoothly. He said that the main difficulties were encountered when helping students studying abroad enroll, as phones from other countries encountered issues with the system.

“People seem to enroll themselves without help from us,” said Vedra. This reassures him that the students who have yet to enroll will most likely not struggle or be delayed. 

The reception of DUO by Calvin students has been more negative than not.

“I don’t like the fact that I have to use my phone number,” said junior Betty Kliewer, who also noted that DUO seems to place an unfair hardship on those without cell-phones. This concern for those without easy access to phones was echoed by sophomore April Volzer. “I always have my phone with me, but I know some people don’t so it must be inconvenient,” she said. Another student, David Mayor, is currently locked out of his account now that DUO is in place, because he has currently misplaced his phone. 

Vedra pointed out that there are other options for DUO besides using a smartphone. CIT offers DUO keychain fobs for anyone who wants them, for a refundable deposit, and is considering making other forms of hardware available. However, this option is not very popular so far. Vedra said that only 1% of total Calvin DUO users are using the fob option. Those who do choose to use a fob are mostly faculty.

Other students cited the hassle of DUO as the reason for their criticism. Sophomore Tom Takeuchi called the program “too annoying.” First-year student Robin Kollar said DUO is “a very irritating way of doing what should be a simple process.”

However, some students offered more positive reviews of DUO. “It is important to think about security because cybercrime has been increasing,” said Oula Salih, a first-year student. “I like DUO in the sense it makes it easier to do authentication,” said sophomore Jacob Brink. Another student, Hyechan Lee said that he considers DUO to be “more work,” but added, “If it’s helpful for security I’m fine with it.” 

Several students also offered suggestions for revising the program requirements. “I think there should be an option [to have or not have DUO],” said Danny Parisien. Brink suggested that Calvin passwords should be decreased in length now that everyone has to have DUO. 

The ultimate goal of DUO is to counter phishing attacks and protect personal information. CIT is hopeful that DUO will cause phishing attacks to “decrease significantly, if not go away entirely.” “The inconvenience is going to be worth it,” said Vedra.