2FA is the bane of my existence

21/11/2022

The trials and tribulations of DUO two-factor authentication

Article Image

Image by Emilie Stokeld

By Charis Horsley

Two-factor authentication is becoming the very bane of my life. First, it was Gmail, and now it's the DUO App when accessing York’s VLE. There is no other way to enter. There are multiple issues with this new development. It’s always at the final hurdle, my hard working endeavours are left quelled and silenced. I finally stop procrastinating, face the fatal reality of work, and yet, two-factor authentication rears its great green head. It looks me in the eye with smugness; it knows I only have a halfhearted appetite for academic toil, and at that point, I may as well give up on doing any work at all.

Google seems to assume that I'm one of those who insists on chemically fusing with their devices. Glued, magnetically pulled, locked in an unbreakable vow: everyone’s phones have somehow become a metastasized culture, like an ingrown toenail. Find me someone on campus without their phone sewn into their skin.

This is, for me, a bold assumption from Google. I refuse to bend to their corporate pressure: I enjoy the distance; I need the space. I’m not in favour of catching attachment issues. Except, this was the case until two-factor authentication swiftly slaughtered my plan. I can no longer travel anywhere for academic purposes without my phone with me.

It is a major misjudgement to expect students to have a phone about their person at all times. What about those of us who embark upon a wild one in Flares, only to wake up with little to no memories and a very absent phone (there’s always one). It’s an accessibility oversight to expect all students to always have their phone on their person. Connection goes hand in hand with this: Duo cannot work when unconnected, so if you’re not working on campus, you had better hope you always have an excessive amount of data to unlock the door to the VLE.

This security method was moderately acceptable when imposed on Evision, a site containing important personal details, worth protecting. Yet I am baffled by its necessity for the VLE, a purely practical space for seminar and reading information. Tell me who, with access to my laptop, has a burning desire to nosey around in my Medieval Literature critical readings? I’ll happily hand those bad boys out for free.

If extra security is what is desired, a range of passwords and personal questions are solutions. Technology is advanced; there are plenty of other options. Instead, this new method advocates the need to be constantly online. When discussing my issue to the University IT team, they seemed genuinely baffled by the idea that someone might not be planning to have their phone with them. On recovery from their shock, they offered a list of alternative methods for authentication. All bar one requires a mobile phone, a hardware security key. I have yet to find someone who owns one of these. At long last I was glad to hear of an alternative: security codes released in batches of ten, each one of which can only be used once. This list of codes in your notes section or scrawled in a notebook would be even easier to nick than your password, defeating the entire purpose. However, these codes are only available for your Gmail account. There is no alternative solution for the VLE.

The DUO app itself is an issue. It’s bright, and it’s ugly, taking up space in my phone storage which instead could be Subway Surfers. Employed for no purpose other than to verify myself when I log into York sites, it has long since outstayed its welcome on my homescreen. Due to these recent issues it has been evicted from my homescreen city centre to the back alley folders, inhabited by the equally useless compass and books app.

Imagine sitting in your morning 9am seminar, sat directly opposite your dreary lecturer. A panic rises as you realise you have not done the reading for that week. Since you have not bothered to read any of the fifty page documents by Rousseau there is nothing you can do except wait in excruciating silence, unable to answer the tutor’s questions permeating the air. They linger, since no one else feels bold enough to broach answers in case they find they are barking up the wrong tree, thereby committing social suicide. The solution is to find the readings, faking some level of understanding. You open up the VLE to find once again you're thwarted. Two-factor authentication glaring you in the eye. You cannot whip out your phone for fear of breaking seminar protocol. The tutor will assume you haven’t done the reading, or you have no comprehension of academic etiquette. The bubble of hope for the seminar deflates depressingly.

The longer term issue of two-factor authentication is, where does it end? Three years down the line, will we have to factor ourselves through the barriers of the library? Perhaps The Incredibles will become a reality, as each of our eyeballs are scanned before we enter lectures. Dystopia awaits.