By Conor Lowery, Ashley Sieloff & Vicki Herd
Why does a multi-factor authentication (MFA) system have students and faculty at the University of Wisconsin-Green Bay (UWGB) peeved? In March 2024, the university adopted Okta Verify to replace both Duo, used by Faculty and Staff, and Microsoft Authenticator, used by students, as the university’s MFA service. Like any transition of systems, the students and faculty have expressed a variety of opinions on the system. Okta primarily provides MFA services used by organizations and companies to secure online accounts and information. Okta’s system works by either sending codes to a device or through the installation of the “Okta Verify” app.
Okta Verify is a mobile application designed to ensure that users are capable of properly identifying themselves and also provides security for their devices, data, and online accounts. “When end users sign in to Okta, they can verify their identity by approving a push notification in the app, or by entering a one-time code provided by the app into Okta,” reads the Okta Verify guide on Okta’s official assistance website.
Why Okta?
The Fourth Estate spoke to UWGB’s Information Technology (IT) department about the change. “Okta offers enhanced functionality compared to our previous solution,” said Director of Infrastructure Services with the Division of IT Steven Schilhabel. Their long-term goal is to streamline and consolidate their systems into one platform for all users.
Schilhabel went on to explain more of the nuances of Okta and why it was chosen: “After evaluating multiple MFA platforms, Okta emerged as the most suitable choice for our campus. One alternative proved to be cost-prohibitive for scaling across all users,” Schilhabel stated, before continuing, “The transition to Okta not only yields cost savings but also anticipates future cost avoidance, particularly with upcoming changes in Microsoft licensing expected to take effect over the Summer.” Schilhabel also stated that Okta was a logical choice because it was already being implemented for other purposes within the Universities of Wisconsin (UW System).
Schilhabel stressed the importance of having a multi-factor authentication system, saying that “MFA plays a crucial role in bolstering the security of our accounts and data. In compliance with UW System Security Policy 1030.A, MFA is mandated for accessing several systems. Schilhabel was quite explicit about the fact that MFA policies are mandatory and that colleges consider them necessary to defend students’ information. Schilhabel also noted high rates of compromised accounts as a reason, saying that “Beyond regulatory compliance, the necessity for MFA arises from the prevalence of compromised accounts prior to its implementation. Previously, IT would encounter three to five compromised accounts weekly, leading to potential security breaches and extensive remediation efforts.” UWGB’s IT department supports the use of Okta for both its cost concerns and security and notes that the MFA is unlikely to leave college campuses due to the continued evolution of technology.
How Students Feel about Okta
Morgan Andrews is a senior at UWGB majoring in Communication with emphases in Social Media, Public Relations, and Journalism. When asked about her opinions on Okta as the new verification system, Andrews had mixed feelings about it. She is in favor of the push notification aspect so she doesn’t have to receive a code on her phone but setting up Okta was difficult for her and she felt like she had no guidance on how to do so from the university.
Andrews believes a multi-factor authentication system is important for security purposes, and explained that it makes her feel more secure. However, the MFA approach is required for every sign-in, which can feel tedious and time-consuming. She acknowledged that sometimes she would have up to five text messages on her phone with codes because of the new verification system Okta. While she supports its use, she said she wishes it was simplified.
Daniel Bestul is a Senior at UWGB majoring in Communication with emphases in Mass Media, Public Relations, Social Media, Journalism, and Sports Communication. When Bestul was asked if he enjoyed the new Okta Verification System, he responded that it hasn’t affected him. He claims that his friend had to visit IT because he was unable to sign in and that he has heard a lot of people complain about the new dual verification system. He believes it is a bit of a hassle to sign in, and commented that it seemed like the sign-in process changes monthly.
Bestul describes the importance of a MFA system to be crucial and to ensure that students are free from security threats. However, he stated that he feels frustrated that it can take five minutes to log in each time. He doesn’t remember the particular process of switching from Microsoft Authenticator to Okta, though he remembers having to “go through hoops” to sign in. Bestul says he “Just goes along with it.” If Bestul had to choose, he said he would keep the dual verification system because he doesn’t mind signing in and having a code sent to his phone.
Bestul says he does not find complaining about Okta worthwhile because it doesn’t do any good and won’t change the process. He did state that he felt that the switch was irrelevant and doesn’t understand why the university would need to switch verification systems.
Alison Giblin is a senior at UWGB majoring in Communication with Public Relations and Social Media Communications emphases. When questioned about the new verification system Okta, she said she was “shocked.” She claims that change is always a difficult thing, even for something as minute as the new verification system. However, Giblin did note that she’s getting used to the new system and hopes it is safer and easier to use in the future.
Giblin believes the MFA system is important for the university and the protection of students’ information. However, she doesn’t keep any of her personal information that needs extra privacy in her school accounts. She doesn’t necessarily believe that a dual verification system is as important as the university believes it may be.
Giblin recalls the process of switching from Microsoft Dual Authentication to Okta as being pretty smooth. She claimed that when the dual authorization was first installed, as soon as she was adjusting, the university decided to switch to Okta. Since then, she has dealt with many issues including being locked out of her email, SIS, and Canva many times. She has visited IT and they have been unable to assist. This has caused trouble in Giblin’s academics.
If Giblin had to choose, she would choose the Microsoft Dual Verification system because many other organizations use it as well. She has had to transfer all of her passwords from the Microsoft system to the Okta system. Giblin’s greatest hope for the new verification system is that it makes it easier to log into school accounts and that students’ information is protected.
A Professor Perspective
Dr. Phillip Clampitt from the Communication program said he was “initially leery” of downloading the Okta program. It was a rough transition for him to switch to Okta, but he claims that was only because he didn’t read the emails about it immediately.
When asked if he likes the new verification system, he mentioned it was “more complicated, and I wouldn’t go as far as saying I like it, but I do tolerate it.” He did state that “a dual verification system is essential these days.” He referred to a Wall Street Journal article about the MGM Grand in Las Vegas being hacked and said, “If we’re going to live in this world, we are going to have to deal with it.” For security purposes, “We’ve got to do what we’ve got to do.”
Professor Clampitt did say that Okta has made his job harder, stating that he now has to “have two services on my phone and switch back and forth,” since some of UWGB’s networks ask for different verification methods. He also uses multiple devices, “and going from one to another is frustrating.” He still uses Microsoft for some of his programs while Okta is used for others.
His advice for anyone else switching over and getting used to Okta is that “once it’s running, it’s fine, it’s the actual transition that was most frustrating.” He also says, “We have to tolerate it as it’s the price we have to pay to live in this world. There’s no way of knowing how many attacks have been deterred because of dual verification systems like Okta.”
Professor Paul Belanger, who teaches Writing Foundations and several English classes, said his main trouble with Okta was that, at first, the push notifications weren’t active. He noted that “Okta doesn’t change much,” and that he feels he has to log in more frequently. He does think a MFA is important to ensure that only the correct people have access to important information. He was initially frustrated with Okta, but now he likes that he is “Speaking the same language as the students” with the same login procedures.
Professor Belanger says, “Okta has no bearing on helping or harming my efforts with my job. It was a scramble to get it changed over, but otherwise, I’ve seen no impact.” His advice to anyone changing over is to be patient. “Small changes are just hurdles we have to get over, but then it’s pretty streamlined.”
Professor Rebecca Nesvet, Department Chair of the English Department, shared some insight. She didn’t have any trouble switching over to Okta. She loves the fingerprint verification. She was alarmed, at first, when Okta would notify her that her location was in some Illinois towns she’d never been to. “What’s the point of location verification if the location is wrong?” she asked.
When asked if she likes Okta, Nesvet said she thinks it’s easier than Duo and has a much larger share of the dual factor identification market. She also thinks a dual verification system is vital. Professor Nesvet mentioned that the British Library, which she uses frequently, suffered a major cyber-attack that shut down its entire online presence. The attackers tried to get them to ransom the data, and thankfully they refused. She mentioned that her book, which was finished in January, “is different than I had planned because of what happened to the British Library.” There is a current government inquiry because it disabled so many research projects, including STEM ones that save lives. She pointed out that this incident was a disaster, and is an example of why organizations need digital security, including MFA.. She says Okta has helped her efforts with her job, then referenced the British Library incident.
She advises those just getting onto Okta: “Every technology requires getting used to. Change happens. As a college student, you learn to learn and adapt and take charge of cultural change.”
What is the consensus?
Opinions on Okta as a system have proven to be mixed. While some students and faculty like the system and feel it’s easier to use, others feel the transition was unnecessary and made doing the work necessary for school difficult. While it is praised for its security and accessibility, it has been criticized for elements like its time consumption and potential issues with the software. The controversy seems to have less to do with the existence of multi-factor authentication but is instead about the frequency with which UWGB seems to change its security. Students and faculty alike spoke on the difficulty of such frequent security system changes. UWGB’s IT department says that Okta is here to stay thanks to its cost-effectiveness and functionality.
Everyone the Fourth Estate spoke to agreed that a MFA system was necessary for security. Whether Okta has successfully fulfilled that role, however, has gotten mixed reception. Technical troubles and a general sense of unnecessary alteration have left many students and professors dealing with issues or feeling like parts of the verification system have not worked properly. Others have defended it on the basis that it is necessary to protect the information of students and faculty.