Students and faculty adjust to multi-factor authentication on Moodle

Visual by James Fay // The Concordian

As the fall semester begins, many will be introduced to the new sign-in system

While new and returning students will adjust to the new log-in system in the fall semester, the summer semesters offered others some perspective into MFA’s accessibility and utility on Moodle.

Multi-factor authentication (MFA), a cyber-security tool which provides verification factors in addition to a user’s log-in information, has been in mandatory service on Moodle since the end of the winter semester.

“Anytime I’d open Moodle on the computer for exams, or every time I go to a new tab, it asks me [to log in] every time,” said Dom Doesburg, a third-year computer science student at Concordia. “And going back and forth and having to do it each time, it gets frustrating.”

Having spent the summer taking classes, Doesburg acclimated to authenticating his log-ins, but still ran into issues.

Doesburg also expressed his continued frustration with password troubles, having to reset it multiple times over the summer despite saving it on his digital keychain. This eventually forced him to reset his password three times in order to submit an assignment on time.  

“I don’t get it, nobody’s going to log into my Moodle and submit things for me,” he said. “And if they do, frankly I’ll be happy.”

Although Doesburg sees the value in protecting private information on other Concordia services such as the Student Centre, he finds the extra layer of security unnecessary for Moodle.

On the other hand, students like Julien Prenevost find the extra measure justifiable. “I’ve got my phone on me 99 per cent of the time, so it’s never been an issue for me,” said Prenevost, a third-year student in sociology. “It’s a nice layer of security and it makes you worry less.”

Prenevost took courses during the summer while working in IT. He said that MFA is familiar to him, as he’d use it at his work frequently. “It just makes sense for Moodle,” he added. “There’s a lot of important documents, and if someone hacks it, well, they could steal them and plagiarize you.”

Despite the ease of access, Prenevost mentioned that an alternative method of authentication to mobile devices should be offered, an idea echoed by Ivan Pustogarov, assistant professor at the Concordia Institute for Information Systems Engineering.

“The problem here is that students don’t have enough options to choose their own tools to get [authentication],” said Pustogarov. “From my perspective as well, I’ve wished many times I could just use my computer.” 

Pustogarov is no stranger to cybersecurity, as it’s his main field of research. He explained that MFA is often used to counteract weak passwords which might otherwise be vulnerable to hackers.

“The goal is additional protection […] to decrease the possibility of password stealing attacks,” Pustogarov said.

As an alternative to authentication by mobile phone, Pustogarov suggested implementing recovery codes. These codes would be provided to users upon initial registration to Moodle and kept in case they don’t have access to their phone.   

Concordia’s MFA system is applied through Microsoft, similar to school emails. As such, the first method of authentication is done through the Outlook application.

If the user does not have their phone, the IT service page for MFA provides a guide to log into Moodle and related services. This includes downloading the Authy app, which provides the user with a generated code accessible through any computer. However, in order to activate Authy, a mobile phone is still required. 

As the need for more versatile cybersecurity grows, Concordia is following suit and adapting, even if that means testing our patience.

