The multi-factor authentication (MFA) rollout to Blackboard is the latest update in Quinnipiac University’s efforts to increase login security.
The office of information technology services has set MFA logins to all new systems in use by the university since March 2020. The rollout has been slower for pre-existing systems.
“Blackboard was made a priority,” said John Scott, executive director of technology infrastructure. “The overall goal in our overall strategy is to get all of our systems [to use MFA].”
MFA most commonly employs the user’s cell phone to verify a login by texting a unique, one-time-use code. Quinnipiac’s default MFA method is cell phone verification, but students can change this preference.
This extra step in verification is important, Scott said.
“It’s just the sort of the nature of the beast right now, where passwords are just not nearly secure enough,” Scott said. “They’ve just a very painful part of technology. Having to manage all these passwords for your personal accounts, I mean everybody’s in the same boat; you’ve got a million of them [passwords].”
MFA is a method that creates additional security in a world where cyber attacks are prevalent.
For students, this can be an inconvenience.
“My issue with the multi-factor authentication is inputting your phone number when it logs you out, and then you have to log back into Blackboard with your QU email,” said Daniel Cotter, a senior nursing major. “I think that’s annoying.”
Scott said that MFA is a necessary inconvenience.
“Your password is something that can become compromised [and] that happens around our campus constantly,” Scott said. “If an attacker [or someone bad] has your password they can get into your account easily. In theory, the bad person would have to not only have your password but also get their hands on your phone [to access your account].”
Scott said that everyone in the information services office must use MFA for every login, so the process is not foreign to him.
“It does add a layer and there’s really no way around that,” Scott said.
On Sept. 15, MFA was required for Blackboard logins, which caused an interruption of service to students.
“Sometimes it’s kind of annoying because I have to clear my cache and the cookies on my computer,” said senior finance major Kevin Wagner. “Sometimes when I go onto Blackboard it says to return to the sign on the page but I can’t do that unless I clear my cache.”
For students having complications logging in to Blackboard, the office of information services posted instructions on MyQ detailing how to resolve the problem.
Scott said MFA should not be a major inconvenience, as students can opt to stay signed in for 90 days when they satisfy the MFA request upon login.
“We’re hoping people aren’t burdened with it constantly,” he said.
To alleviate some difficulty with MFA, Scott said students can use an authenticator app on their phones.
The office of information technology services officially recommends the Microsoft Authenticator app, which is available for Android and iPhone devices.
Moving forward, Scott said the next services planned to switch to MFA will be Zoom and Self Service.
