By Riley Prillwitz
Throughout the past year, Colorado College ITS has been introducing a new Multi-Factor Authentication system for staff and students.
The goal of the new system is to prevent hackers from stealing information from anyone using an account through the school. This will be applied to the single sign-in page on the CC website.
“Last year, we experienced a high number of compromised credentials caused by email phishing,” said Jeff Montoya, information security engineer at ITS. “The impact didn’t reach a level of data compromise, but if it had, that could have been considered a data breach.”
To protect data from this kind of compromise, CC ITS has taken action with Multi-Factor Authentication (MFA).
“MFA is a way to confirm an individual’s identity in addition to username and password,” states the CC website. This could be anything from a pin or a code, to a phone call or app, or even a fingerprint scan.
According to Montoya, the school decided to use the “platform that requires an application on a smartphone or tablet, or a hardware token that provides a one-time-pin.”
CC will achieve this by implementing the new authentication process through a software platform called Duo.
“Duo is focused on the people actually using the technology, making it user-friendly, and has been chosen by many higher education institutions as their MFA software of choice,” writes IT Project Manager Linda Petro in an MFA FAQs article.
There will be multiple ways to get the second layer of authentication. The CC website says that there will be a “code that is texted to you or can be confirmed through a phone app.”
If receiving a code through a phone is not an option, there is also a device called a “token” that creates a code when the button is pressed. Every time a login is required, a new code will have to be produced.
While the school is trying to get the system in full swing by the end of the year, there are some factors slowing down the process. Molly Hiniker ’20 was added to the system at the end of Block 2, but has not set up her authentication software yet.
“I haven’t started using it yet because it says that it takes a few minutes to set up and that it also makes you re-log in to your email on your phone, which is always a pain to set up,” Hiniker said. “I just haven’t gotten around to going through and setting it up on all of my devices.”
Another issue slowing down the registration process is that some international students who have phones from their own countries may not be able to set up the new software at all.
“International students from China have a limitation since the use of the Google Play store is not allowed in that country,” Montoya said. “Students need to be able to download the app for authentications.”
While some students consider the new login process to be more of a hassle, ITS says there are benefits that will help users with convenience as well.
“We will no longer require most CC community members to reset their passwords at a set interval,” said Assistant Director of Solution Services Chad Schonewill. According to Schonewill, the new system “will allow any account with Duo MFA set up to access Banner SSB directly from off campus without having to go through VMWare.”
Schonewill also noticed that students who are already set up with MFA are requesting a passcode when logging in, which may not be the most efficient method.
“My tip would be to try using the ‘send me a push’ option instead — it’s much faster since you just have to tap an ‘approve’ button instead of dealing with the codes,” he said.
The ITS office plans to have MFA completely in place by the end of 2019.