
Prestigious University: Your Multi Factor Authentication Is Cancer - avyfain
https://medium.com/@Skorlir/prestigious-university-your-mfa-is-cancer-29404151357c
======
resfirestar
>A thoughtless edict in favor of some bullshit enterprise definition of
“security” that disenfranchises or inconveniences students every time they try
to pay their tuition or view their grades or register for classes is
unacceptable. It doesn’t matter what percentage of students it inconveniences
unfairly — Multi-Factor Authentication should be optional, like it is
everywhere else.

I disagree here. A university's cloud is a resource with different security
requirements from "everywhere else". Even as a student, your login probably
grants access to things like a directory of every student and faculty member,
selectively shared files on GDrive or OneDrive, access to university networks
through VPN, and an institutional email address that can be abused to obtain
other privileged information. A university is completely justified in making
security choices for the student in order to protect other students, faculty,
and staff.

Of course, they ought to get it right, and there seem to be valid concerns
about Duo.

------
ithipster
more on the fake multifactor:
[http://ithipster.com/34.html](http://ithipster.com/34.html)

