Beginning Tuesday, Western Michigan University students will be required to use the Duo Mobile application alongside their username and password to gain access to their GoWMU student portal.
Once the student enters their username and password in the GoWMU login page, they'll be redirected to a screen prompting them to "Send a Push," which triggers an alert notification via the Duo Mobile app. Students can also enter a randomly generated passcode — similar to how one would enroll in digital learning programs commonly used by WMU professors, like TopHat or Kahoot.
What WMU's technology office describes as an "extra layer of security to protect private data and personal information," two-factor authentication requires two forms of identity into WMU's online education platform.
Most commonly deployed when receiving a code via text or email, two-factor identification (2FA) has been a popular addition to Apple operating systems in recent years.
On Wednesday, students that held out on the months-long prompt to enroll in the 2FA system, were finally forced to download the Duo Mobile app to enter their student portal, which houses Elearning accounts, payment and account information, course registration and other private information.
Adam Newstead, director of strategic project and service management at WMU's office of information technology, told Western Herald on Wednesday the new login system is designed to strengthen the integrity of student privacy by further counteracting email phishing campaigns from digital hackers and scammers looking for personal and financial information.
"Most universities experience targeted phishing and scam emails to the student population. These emails are written in an influential manner that makes it seem like its from someone at the university," Newstead said.
These emails have led students to type in their username and password into a fake website, Newsted said, allowing the hackers to gain access to personal information, compromising the student's privacy.
The university has been working to alleviate these kind of attacks in recent years and plans to keep working on finding solutions to protect students identity.
"This is one of multiple projects to increase security and we are one of many universities doing the exact same thing, the experience we've had with phishing emails is not unique to us," Newsted
"We understand that not every student has a smartphone, so we spent a lot of time working on alternative access options," Newsted said. "If you don't have a smartphone that can download the Duo Mobile app, you have the option of contacting us and setting up SMS text messages that generate the unique passcode instead."
For students who don't have a cell phone at all, the technology office will provide a key fob that generates random unique codes upon each login. Newsted said special accommodations can be made for any circumstance.
"We wanted to make sure this was equitable for every student, in every project we consider accessibility needs, so we have the ability to completely bypass this for students who have no other options."
Western Student Association President Lauren Smith told Western Herald she isn't a fan of the new login method but understands the need to keep student's information safe.
"It does take longer and sometimes it's a struggle to log in because I don't have my phone on me."
While students can use the "remember me" feature, allowing access for 30 days without the need to generate a new unique password every time, Smith said she's had issues with the tool.
"I sign in on several devices and feel like the 'remember me' doesn't work all the time."
Third year supply chain management major, Fletcher Loose, agrees with Smith's assessment of the new system.
"It's trash but it's necessary," Loose said. "I think it's important because all of the information that's on our account, but it's definitely an inconvenience."
A frequent digital media user, Loose said he prefers the university's use of the Duo Mobile app compared to other 2FA systems, citing the 30-day 'remember me' option, as well as the in-app push notifications, which differentiates the application from its two-factor counterparts like what's used by Google or Apple.
According to the technology office, WMU students are making a smooth transition to the new login process. As of Tuesday at midnight, 85% of all WMU students had already signed up for 2FA.
While there have yet to be any major issues with the new system, the information technology office encourages students to contact the WMU Help Desk should problems arise.