Sunday, May 24

UCLA students, staff reverify initial mixed response to multifactor authentication

Multifactor authentication was implemented campuswide April 2018. Students and faculty are still divided on whether it is an inconvenience or extra security. (Daily Bruin file photo)

Some students and faculty said they think multifactor authentication is still an inconvenience a year after its implementation, while others said they appreciate the extra security it has provided.

Multifactor authentication requires students and faculty who are logging into their UCLA accounts on websites such as MyUCLA to provide two forms of identification. All students were required to enroll in multifactor authentication April 2018 following a major cyberattack on a UCLA administration server.

UCLA Information Technology Services representatives said they understand multifactor authentication is inconvenient but that they think the security it provides outweighs the costs.

David Shaw, the interim director of the UCLA IT Services’ information security office, said in an email statement that multifactor authentication is necessary to protect students’ data.

“Prior to multifactor authentication solutions, passwords were the most common protection for access to systems,” Shaw said. “Over the years, hackers have developed sophisticated tools which are capable of guessing most passwords up to 15 characters in length within a matter of days.”

Junghoo Cho, a professor of computer science, said he thinks multifactor authentication is necessary but that most schools that use it only require their students provide secondary identification to log into their accounts about once a month. UCLA students have to use multifactor authentication several times per day or every time they log in.

“I don’t know why UCLA decided to deviate from the norm that most of the other services and other universities use, which is allowing us to designate a machine for us, as a trusted machine, so we have to (reverify) once a month as opposed to several times a day,” Cho said.

He said other universities, including Harvard University, Stanford University and the Massachusetts Institute of Technology, have also implemented multifactor authentication, but they allow students to designate trusted devices to cut down on the number of times they have to use it.

Cho said the inconvenience of the current multifactor authentication system deters students and faculty from using MyUCLA regularly, which he said defeats the purpose of the added security.

“Because it’s so difficult to use any of these UCLA services, I tend to not use them,” Cho said. “That is not good for anyone, actually.”

Students had differing views about multifactor authentication. Some said the security it offers makes the extra time it takes worthwhile.

Ellen Si, a first-year biochemistry student, said she thinks multifactor authentication ensures account safety and that the Duo Mobile app makes the login requirement more convenient.

“It makes people aware that you are supposed to be taking steps toward safety since most people don’t change their passwords for a very long time,” she said. “I haven’t for a few years.”

Ben Negose, a fourth-year environmental science student, said he had heard about other large hacks in recent years, so he appreciates the reasoning behind the administration’s implementation of multifactor authentication.

“I see the the purpose for multifactor,” he said. “Also, I know Apple has a similar service they offer if one requests to do it, so I’ve been doing it on there as well.”

Negose said his Duo Mobile app has generally worked smoothly but added he has had trouble reverifying his account on a new phone.

Other students said multifactor authentication is often an annoyance.

Manvel Yelanyan, a first-year chemical engineering student, said his app occasionally malfunctions, forcing him to restart his phone.

Yelanyan said he liked the extra level of security provided by multifactor authentication, but that he finds it inconvenient to have to reverify his identity every time he logs into MyUCLA on a different device.

“If you want to check something really quick on your phone, I want to be quick,” Yelanyan said. “But then you have to switch apps and then go into the Duo app and click on the authentication thing.”

Shibhon Shepard, a second-year biology student, said she thinks multifactor authentication has been a hassle.

“I personally don’t see the point because I just want to do my homework,” she said.

Lisa Jones, director of customer support services in UCLA IT Services, said in an email statement that after a full year, Bruin OnLine has gradually seen a decline in student requests for help with multifactor authentication.

“After a year or so of implementation at UCLA, and as more people see other commercial systems offering multi-factor authentication, Bruins have a better understanding and acceptance of these systems and how to use them,” she said.

Assistant News editor

Nucci is the 2019-2020 Assistant News editor for the Features & Student Life beat. She was previously a contributor for the Campus Politics beat from 2018-2019 and Copy staff from 2017-2019.

Comments are supposed to create a forum for thoughtful, respectful community discussion. Please be nice. View our full comments policy here.