Opinion: A Midterm Review on Multi-Factor Authentication

Opinion: A Midterm Review on Multi-Factor Authentication

Since The Brunswickan published our first article summarizing concerns over the University of New Brunswick’s recent implementation of multi-factor authentication, several new concerns have been raised that had not been addressed in the first article.

Firstly, the issue of verification via cell phones goes beyond the issue of the Microsoft Authenticator App only being available for smartphones. The alternative method for authenticating via a cell phone is to sign up for SMS (text message) requests. This seems as though it would be a good solution for those who have older phones, or types of phones that are not compatible with the Authenticator App – however, it promises its own problems.

Many of us are used to texting without thinking twice about it. Through services like Facebook Messenger, Snapchat, or iMessage, the issue of paying for actual SMS text messages isn’t something that is commonly discussed nowadays, especially as unlimited texting plans become more and more popular. That doesn’t mean that there aren’t people who still have to regulate their text message use, as some phone plans put a monthly cap on the number of texts that can be sent, or charge overage fees for texts after a certain number is reached. This means that even with the SMS work-around to avoid using the Microsoft Authenticator App, there is still a personal cost incurred on the user. 

Not only are there possible unforeseen costs, it also seems slightly counterintuitive to be asking students and professors to be using an additional personal device to access their Microsoft services, since it is commonly held knowledge that one of the best preventative online safety measures is to access accounts only through secure devices and networks. 

Putting additional strain on students and staff during a pandemic just doesn’t seem to sit right. Anytime an issue is raised on the subject of technology and access, the answer always seems to be, “Find an alternative,” or worse, “Just ask for an alternative.” People who give answers like that have never been the person who needs the adaptation. 

No one should be forced to go to IT Services and say, “Hey, I can’t afford an iPhone.” It’s a humiliating experience and it’s not fair. It’s like being back in elementary school and having to tell your friends you can’t afford the field trip. People scrape and save and work to be able to afford to go to university – and staff aren’t being paid a fortune either. Adding multi-factor authentication isn’t a bad idea – but mandating it when it creates accessibility barriers is wrong. If the system doesn’t work for everyone equally, the system needs to be changed. That’s all there is to it.

Share this article: