A semester after Miami University implemented Duo, the two-factor authentication tool, some students at Miami are annoyed by the system and do not think that the extra layer of security is worth it.
Duo has been implemented at a number of schools across the U.S. with minimal issues. Miami’s IT department knew that the solution could work in academia, and it was unlikely that they would run into any problematic scenarios that hadn’t already been addressed at other universities.
Joe Bazeley, assistant vice president of security, compliance and risk management, said he was confident in Miami’s choice to move to Duo.
“Lots of other schools are going down this path,” Bazeley said.“We were not the first, and we are not the biggest … We started looking around at what other schools were putting in place, and the overwhelming majority are using Duo.”
Bazeley and the IT department ran into challenges with Duo within its first semester of use and tried their best to address them as quickly as possible.
One of the biggest issues occurs when a student or professor runs Duo and it tells them that their software is out of date. When Duo runs, it looks at a couple of different things including how old an individual’s software is as well as how old their web browser is. If either of those things are over a year old, Duo won’t work. This is for security reasons; old software and web browsers are more easily hacked.
Students have been unable to access any Miami-affiliated site in China. According to The Washington Post, the “Great Firewall of China” is a method that the Chinese government uses to both limit and monitor website usage. Bazeley believes that this is a challenging problem for the IT department because the Chinese government decided two months ago that Duo is on the list of sites that its citizens cannot visit.
In short, an individual in China cannot download or use Duo. This is a problem for Miami’s many Chinese international students when they go home on breaks.
The IT department is able to see an individual’s location when they send a complaint that they are unable to access Duo and, if they are located in China, the IT department sends them a bypass code. A bypass code is a specific nine-digit numerical code that allows individuals to access Duo without sending a request to their device.
The IT department also received a list of admitted international students from the International Student and Scholar Service, and IT is able to give all of those students a bypass from Duo.
“I hate Duo and also like Duo,” Wenjaun Ge, a Chinese international student majoring in computer science and software engineering, said. “Sometimes [it’s] too much trouble.”
Ge started using Duo during J-term of 2019. She completed a course over J-term back in China and had to login to the school system everyday to access her emails, myMiami and BannerWeb. Ge found that Duo was incredibly difficult to use.
In China, she had to use Cisco AnyConnect VPN, a security company that delivers multiple services to protect user’s information, to connect to her Duo account. She found that she could not use the option of only logging in every 14 days and had to use a six-digit VPN code every time she wanted to login.
“I have no record of logging in VPN successfully at one time,” Ge said. “It usually [took] more than five connections for a VPN to work properly. This takes a lot of time.”
Students living in dorms have to pay their RA seven dollars if they get locked out of their room.
“I hate how you have to have two devices to login to Duo because I don’t always have both with me,” first-year Ashlynn Brooks majoring in psychology said. “It [is] also so irritating if I leave my phone inside my room and don’t have my key. I have to pay my RA money to get inside my own room because I can’t ask a friend to help me get into my own dorm. It worked last semester, and now it won’t. Duo is just an inconvenience for me.”
Other students who are able to understand the security risks believe that Duo does help them.
“Overall, I think the program has been effective in protecting our information,” Cole Hankins, Speaker of the Student Senate of Associated Student Government (ASG) at Miami, said. “The biggest thing is that we are adapting to Duo, and that our IT department is working alongside with Duo. It has been as good as it can be.”
Although many students have various opinions on the implementation of Duo in its first semester of use, Bazley said it isn’t going anywhere.
“Duo, or any other two-factor authentication tool, will stay at Miami forever. There is always a need for additional security,” Bazeley said. “The only thing that might change is tweaks in the system to implement further safety for our students, staff and professors.”