Long Beach State has implemented a new security feature intended to protect students’ Microsoft accounts from hacks, but, for some, the new safety measure is causing more harm than help.
With the majority of university operations being online, California State University campuses have experienced a resurgence of hackers trying to obtain students’ information. Last October, information from CSU San Marcos was compromised after hackers were able to access university information which resulted in a 7-day halt of online learning.
To lower the chances of this happening at CSULB, the Division of Information Technology introduced a new multi-factor authentication, or two-step verification system, now requiring students to enter a code to gain access to Microsoft services that can be accessed through Single Sign-On.
The new security feature requires students to enter a phone number from a trusted device to have a code sent to the user, either through a text or phone call. Every time a student logs into a Microsoft service, they are required to enter a new code prior to logging in as a form of verification.
“At our campus, hackers are aggressively attacking student passwords through targeted phishing campaigns in an effort to divert funds from their bank accounts, and some students have accidentally succumbed to these phishing attacks,” Min Yao, vice president and chief information officer, said in an email. “Implementing [multi-factor authentication] will help reduce the risk for our students to lose money due to compromised students’ logon IDs and passwords.”
According to Yao, after San Marcos was hacked, the Office of the Chancellor urged all 23 campuses to implement multi-factor authentication.
The Office of the CIO sent an email to the student body on Jan. 22, 2021 informing the campus of the new security feature. This message was also posted on BeachBoard, however the new login requirement caught some students by surprise.
Many students have aired their grievances on the CSULB subreddit page r/CSULB, several claiming the verification process to be “irritating” and “annoying.”
Roxanne Mendoza, a third-year psychology major, received the email notifying her of the changes but said it got lost in her inbox. By the time she became aware of the email, the security feature had already put into action.
“It’s annoying. It’s so freaking annoying,” Mendoza said, referring to the two-step verification feature.
Since she uses her email daily to check for her class Zoom links, Mendoza feels it’s an inconvenience to have to wait for a verification code to login to her email. This delay has already caused her to be late to class more than five times, she said.
“I don’t like the new update because I feel like the school is like ‘hey we are gonna do something to make sure your accounts are safe,’ but they could have been doing something about this for the past year,” Mendoza said. “I understand the reasoning, but I wish they would give us a student-friendly one.”
Mendoza said she wishes that the university would be more considerate of students who don’t have access to a smartphone or those who don’t have space on their phone to download the Microsoft Authenticator mobile app, which simplifies the process to a one-touch login.
Lauren Fitzgerald, a third-year design student, said she hasn’t had an easy time with the new feature either.
Like Mendoza, Fitzgerald uses her email to check for Zoom links for her classes and experienced login delays. When she was trying to login to her student email, Fitzgerald received a message saying that no verification codes were available at that time, causing her to wait about a minute to receive a new code.
“It’s really stressful when you have a class you have to go to like right at that minute,” Fitzgerald said.
The Division of IT said it is aware of students’ positive and negative comments on the new feature and plans to expand the multi-verification process to other services while making it more user-friendly.
Fitzgerald said she recommends that the department make the new security feature optional for students.
“I think the two-step verification should probably be a choice that you can turn on or off if you want,” Fitzgerald said. “ I think having a choice would be better.”