Northwestern IT says multifactor CAESAR authentication is logical

    Photo of CAESAR double verification page

    Rather than greeting users with its usual login screen, CAESAR, Northwestern’s registration and academic database website, recently began greeting users with a page prompting them to register their phone so that they could be double-protected with a form of security known as multi-factor authentication. As of October 24, around 50 percent of students have signed up for the double verification process, according to Northwestern Information Technology.

    On October 15 at 11 a.m. NUIT enabled multi-factor authentication on CAESAR, and students have been gradually registering their phones since. NUIT justifies this change on their website by claiming that the new system works conveniently to confirm a user’s identity with something they know such as their netID and password, along with something they own such as their phones. They further state that the process is compatible with a bunch of different phones and helps mitigate threatening attacks on personal information if a user’s netID and password are somehow released.

    Once a phone is registered, there are three ways to verify a user’s identity: through “using an app on the registered smartphone, via a text message, or answering a phone call to any of [their] registered phone numbers.”

    Now, what does this mean for the average ‘Cat? The truth is, probably not much for now besides remembering to keep their phones on silent if they need to use double verification in class to read CTECs or refresh the financial aid page to see if their award has been updated. Besides the necessary re-authentication every 30 days on devices that users choose to have remembered, the double verification should not be a huge hassle.

    “The new double verification system should have a limited impact on students but will have a major impact in terms of increasing CAESAR security,” said Kris O’Brien, associate vice president of administrative systems at NUIT.

    Some students have found the the new authentication service an annoyance and had difficulty setting the system up for themselves. Other students required the help of NUIT (who can be reached for problems with the system at (847)491-4357) for help with the double verification process.

    “The entire system just seems a little unnecessary,” said Weinberg freshman Ben Chase. “I just got a new phone and the process of fixing the system was really annoying and just seemed a little over-repetitive for a website like CAESAR.”

    While the double verification process certainly has its benefits for security purposes, another point of contention regards CAESAR’s double verification mobile application on the App Store called Duo. Duo is also the name of Google’s new video chat app, which was released in August. The Google app is the first to show up on the app store when searched rather than the Duo app, relating to CAESAR’s double verification process.

    Though it may be a pain to set it up and even seem pointless at first, the new verification system has had recent evidence to suggest it is necessary. Cornell announced in June that some of their students were part of a phishing scheme (an attempt by criminals to attain sensitive online information) and Stanford has required double verification since 2013. With information such as social security numbers, financial aid information, courses and grades available on CAESAR, this decision, though slightly inconvenient for a few minutes every month, may prove beneficial in the long run.


    blog comments powered by Disqus
    Please read our Comment Policy.