USyd students have roundly criticised the University’s new two-factor authentication (2FA) system, Okta Verify, which was rolled out earlier this year.
Some students have reported being locked out of critical University systems, including Canvas and Sydney Student, after changing phones or keeping an older phone.
Because Okta Verify does not allow students to change their second device on which they verify their identity, it means that a student cannot access their University account if their phone is lost, broken or sold – or simply runs out of battery.
One student told Honi that they could not submit an assignment which was due on the Easter long weekend, as the University’s ICT hotline was unavailable to switch their device.
Another student similarly said they had resorted to carrying their old phone around with them solely to log into Canvas, while a third said that while they were “lucky” their old phone hadn’t been sold, the University-provided information regarding switching devices was “convoluted”; they ultimately solved the issue by turning to Reddit for advice.
In addition, as Okta Verify is incompatible with Apple operating systems older than iOS 13, some students were unable to download the app in the first place, leaving them without access to University systems.
One student said that as their iPhone 6 was unable to upgrade to iOS 13, they were directed to an instructional page to an alternative authenticator such as Google Verify, which requires calling the ICT hotline.
“It felt very weird to have to wait on hold for something that should have just been a simple matter,” they said. “[It was] not the first (and definitely not the last) example of the uni complicating a simple process.”
Another student said that as Okta Verify had not whitelisted a particular site that they needed to access through their University account, they were unable to download a letter of offer for a tutoring position at the University.
A University spokesperson told Honi that they were “aware that some of our students have reported issues with signing in,” and that the University would be “providing support on a case-by-case basis”, including a troubleshooting guide.
Several Australian universities are rolling out Okta Verify as their 2FA provider, including the University of Adelaide, the University of Newcastle and Monash University, who implemented 2FA after suffering cyber attacks.
The University said that 2FA was a “proactive measure to increase the University’s resilience to cyber threats”.
But despite students generally supporting increased security, several students expressed that using 2FA for Canvas was “useless” and inconvenient, with the option to not “challenge” the user on a device not working if the user wanted to sign in on their phone.
One student memorably described Okta Verify as like “an insecure partner who needs affirmation every single time.”
More broadly, students criticised how 2FA created distractions while studying, with some questioning how they could log into Canvas using their phone if they needed to take a supervised exam, for example.
“I need to retrieve [my phone] from its hiding place every time I want to log in,” said one student, with another saying that “needing to pull [my phone] out whilst I’m trying to concentrate is really frustrating.”