By The Gatepost Editorial Board
This August, Information Technology Services rolled out a new security feature for students - Microsoft’s multi-factor authentication (MFA).
This feature requires students to download the Microsoft Authenticator on their phones in order to log onto their student email accounts, and acts as a form of two-factor authentication, an increased method of account security.
The MFA can also be set up by linking it to a phone number that can receive codes via call or text, or by sending a confirmation email to a non-school account in order to approve login attempts.
Considering the number of phishing attempts in this digital era, this increased sense of security is not unnecessary to help protect students’ private information.
However, the way in which the feature was implemented without warning or any sense of guidance on how to use it is unfortunate. It is indicative of how stressful a new technology rollout can be when there is not sufficient support from ITS.
Students had a one-week warning that this change was going to happen. ITS sent out a lengthy and complicated email before school started, when most students rarely check their emails. And when they do, they are often faced with a large backlog of messages they need to comb through.
Therefore, when the MFA was enacted on Aug. 31, several students were blindsided by the new feature, and spent hours trying to figure out how to log back into their email when they had other important tasks to complete in order to get ready for the school year.
No training was available on how to use the security feature. It was just the one email, which if students logged into their accounts after Aug. 31, they never had the chance to read.
It wouldn’t be improbable that many students still are struggling with the security feature and do not check their student email because it is too bothersome to figure out how to use the new system.
Some may ask, “Why don’t students just call or visit ITS?”
Well, what about first-year and transfer students who were just learning about resources around campus, and were not yet familiar with how to get in touch with ITS?
Furthermore, at the beginning of the school year, a great number of ITS staff members are trainees, student workers who have just begun their positions and know very little about how to fix technology.
Due to this, ITS becomes quickly overwhelmed with students and faculty needing assistance, and it can be hours before one is helped.
Outside of the 8 a.m. to 4:30 p.m. full-time hours, only student workers are able to help with technology issues.
This leaves people with an MFA issue waiting up to 24 hours for a full-time staff member to assist in troubleshooting, as ITS student workers can only help if the user is still logged into their email on another device.
MFA also presents accessibility issues for students who do not have smartphones, do not have charged smartphones, or do not have a secondary email.
If a student does not have a smartphone or secondary email handy, and is randomly prompted to authenticate their sign in, they will not be able to sign in. This becomes an issue because this is not something the affected student or any part-time ITS member can solve alone.
In an ideal world, multi-factor authentication would work perfectly.
But we do not live in an ideal world - we attend Framingham State.
The rollout for this feature should have been gradual, testing it out on waves of students to work out the kinks first, rather than throwing it on us all at once with a week’s warning.
This would have reduced the level of stress on both students and ITS workers.
If they need it, students should be offered training with an ITS professional on how to use MFA and troubleshoot lockouts. Now that the feature has been rolled out, this training could even be undertaken as part of orientation along with tutorials on how to use other technology platforms for the University.
And there should be a way to reach ITS professionals outside the hours of 8 a.m. - 4:30 p.m. for when MFA malfunctions.
Or at least higher-level student workers should be available to troubleshoot these malfunctions, as well as have access to override lockouts.
Students are expected to work an extra four hours per class, per week. A lot of that work involves access to an email.
It only makes sense they should be able to.