Multi-factor authentication expansion gets mixed welcome

The Polytechnic also includes tips for using the DUO MFA tool.

The next phase of Rensselaer’s Multi-Factor Authentication rollout hit the campus community on Wednesday. In November, the Institute expanded the number of sites requiring MFA for all Rensselaer employees. On Wednesday, the policy was expanded to include all members of the Rensselaer community.

Ever since the May 2021 cyber attack that led to the temporary Institute network shutdown, the Institute has progressively required the DUO MFA tool, used through the Duo Mobile app, for access to more campus services in order to increase network security. Multi-factor authentication requires users to affirm login requests through another trusted device, such as a cellphone. Immediately following the attack, the Institute required either a campus network or RPI VPN connection in order to access RoundCube. The VPN requires MFA in order to sign in.

The expansion was met with a mixed response on social media. Multiple posts on the issue appeared on the RPI subreddit on Wednesday. User u/Dayen_ wrote “How can we go about getting the school to stop with the 2 factor app?... I'm getting tired of pulling my phone out of my pocket every 5 seconds to look at lms and everything else we have to log into.” The post garnered 49 upvotes and 17 comments as of Thursday night, and its comments included criticism of RPI’s approach. However, not everybody was against the increase in security. Also seen was a “Two Factor Authentication Appreciation Post” from u/redfesfin, which received 80 upvotes. In another post, u/phi11ipus commented “Is a push notification really that hard to tap?”

Here are some tips for using Duo Mobile:

Clicking “Enter a Passcode” will bring you to this screen.

You can then either get a passcode from the Duo Mobile app or have 10 new one-use passcodes texted to you by clicking “Text me new codes”. These passcodes can be used in the future on DUO screens like the one above or for the ‘Second Password’ when connecting to the VPN. You can even conveniently store these on your computer for use when you do not have access to another device. Each passcode can only be used once, so remember which ones you have used. This is made easier by the fact that the first digit of each passcode goes in ascending order from 1 to 9, followed by 0. DUO authentication screens will tell you which digit you are up to. However, the Cisco AnyConnect Client, used with the VPN, will not.

If you do not want to enter a code when connecting to the VPN, you have the option to send a push notification to your phone by typing ‘push’ in the second password field.