After phasing in DUO, a two-factor authentication security software, for faculty last year, Whitman College extended the software to students this fall.
Duo’s self-described mission statement centers their business on people.
“At Duo, we put people first — whether that’s protecting user data for the over 40,000 customers who use our cybersecurity protection or supporting the people who work every day to make our products effective, user-focused and intuitive. We don’t thrive on fear, uncertainty and doubt; we build secure access solutions you can trust,” DUO’s website said.
Dan Terrio, Whitman’s Chief Information Officer (CIO), seems to agree with the statement’s claims of a reasonably-priced product that prioritizes ease of use.
“Duo is the solution we felt would be the most easy to use … we needed to find something to do multi-factor authentication and Duo was affordable at the time … [Duo was] something we felt could roll out easily,” Terrio said.
Terrio says finding a new authentication system began as an insurance issue.
“In order for us to continue to be able to procure insurance for cyber liability, we kind of needed to roll this out … Duo was the solution,” Terrio said.“Banks are doing this, even my utilities are doing this … they’re all having two-factor authentication just to get into your account. Everybody’s used to this, so let’s just roll it out and we check off a box for us to … continue to get cyber liability insurance.”
After Duo was chosen, Whitman’s tech team began rolling DUO out, beginning with critical staff.
“The people who have access to the most sensitive and confidential data in the institution, we started rolling it out to them probably about two years ago,” Terrio said.
The only frustration he recalls is for faculty who didn’t have or were uninterested in carrying their smartphone with them to class, an issue given that the easiest way to authenticate is through your smartphone.
Freshman Samaiya Kemp echoed this feeling.
“You have to hope you don’t get it … in the classroom. It’s a big thing,” Kemp said. “I feel disrespectful taking my phone out in the middle of class to log in.”
Visiting Politics Professor Robert Flahive seemed to agree with the annoyance at sign-in requests.
“The one aspect that is a bit annoying with Duo is the need to sign-in every 12 hours, it would be better to only do that once per day,” Flahive said. “To what extent does this system pose challenges for folks without a mobile phone or a smartphone?”
Kemp echoed some of Professor Flahive’s frustrations with the login expiration period.
“I wish it remembered your login or had a trusted device feature, a lot of other companies do and it should go beyond your phone, maybe a backup email option,” Kemp said.
Terrio also addressed security, saying that there has been a significant increase in breaches. He said that he’s glad Whitman has a more secure system as breaches on college campuses are on the rise.
“I wouldn’t even want to guess what Western Washington University would have to pay, I know Lewis and Clark [College] also got hit recently, so it’s good that we have something in place for security’s sake,” Terrio said.