After over 5,600 NetID accounts hacked, UW-Madison moves to implement third factor of authentication
The UW-Madison Office of Cybersecurity announced on Tuesday that 5,688 NetID accounts were successfully hacked on November 8th, 2019.
This successful hacking attempt occurred soon after UW-Madison implemented Multi-Factor Authentication (MFA) via the Duo Mobile App in October of 2019, a system which requires students to verify their identity on the app in order to login to their NetID accounts.
“I know that many folks are angry with this news, and they have a right to be. I know people are frustrated because MFA was supposed to prevent this type of scenario” said Cybrus E. Curity, director of the UW-Madison Department of Information Technology. “But the fact of the matter is that MFA did work to prevent thousands of people’s information from being compromised. Over 45,000 attempts of phishing and hacking occur each week, and unfortunately this one happened to slip through.”
In response to the November hacking of NetID accounts, UW-Madison has announced that they will implement a third-factor authentication to the login process by the beginning of the Fall 2020 semester.
It is unclear, however, what the third-factor authentication will be. It could be as routine as verifying one’s identity with a third device, such as an Apple Watch, iPod Nano or Roomba vaccum cleaner, or it may be a much more taxing verification format such as a finger prick for a blood sample analysis or anal swab for a stool sample analysis. There is simply no way to know.
Given that the current use of Duo-MFA is unpopular among students, this move by UW-Madison administration is unlikely to be received well. In our interviews on the matter, various students described using Duo-MFA as “annoying,” “tedious” and “as emotionally draining as putting the kidney stone I just passed back up my urethra with a pair of rusty tweezers.”
In order to address student concerns about a campus-wide implementation of a third factor of authentication, the Department of Information Technology office will be holding a public forum to answer questions. The meeting will be held Feb. 2, 2020 in the fish tank aisle of the Janesville PetSmart.