Pitt Duo Mobile App Just Isn’t Secure Enough

author-pic at University of Pittsburgh  

At long last, Pitt administrators have responded to student outcry against Duo Mobile, the time-wasting, phone storage-using, never-working, soul-sucking security app forced upon students. The app is part of a security initiative known as “multi-factor authentication” which requires students to approve My Pitt login requests on their phones. This must occur even if the login request is from the same phone, leading to a redundant never-ending cycle of maddening self-validation. In a formal e-mail to the student body, Pitt apologized for the inconvenience and said that they heard the message loud and clear: Duo Mobile just isn’t secure enough.

“We received an abundance of complaints regarding the multi-factor authentication system using Duo Mobile,” the email reads, “and after skimming over a couple of them for, like, a second, we believe the issue is that we limited ourselves to only two devices. What students want is to know that their information is safe from hackers who are trying to check their grades and pay their tuition.”

A multi-step plan has been instituted to roll out the replacement to Duo Mobile over the next few years. For each year, a new form of authentication will be added, ending with an unholy Quintuple Factor Authentication.

“Beginning Fall 2018, students will have access to Trio Mobile, beginning the triple factor authentication phase,” says Pitt’s announcement. “The app will need to be installed on both a mobile phone and an iPad. If a student is attempting to log in to My Pitt on the iPad, they will have to install the app twice and approve themselves on each one. By 2019, Quartet Mobile will be complete. In this system, students will receive notifications on their television, available for a fee via their basic cable service.”

The email admits that as of now, the IT department has not yet determined how Quintuple Factor Authentication will be achieved. “Originally, we were thinking that the fifth notification would appear in a dream that the students had on an assigned night,” said one IT rep. “Unfortunately, the technology just isn’t there yet. So we figured, why does it need to be an app notification at all? Why not make it even more obnoxious–I mean, secure.”

Some proposals for Quintuple Factor Authentication involve the use of kitchen appliances. Having completed the first 4 rounds of security, students would be instructed to place their laptops in a microwave for a unique number of seconds. Once that number was reached, the microwave would send a signal to the laptop, allowing the student to log in. Upperclassman would have to put their laptops in ovens set to a unique temperature.

Additional ideas pitched by the Legion of Internet Security Lizards were to use carrier pigeons. Abundant in the city of Pittsburgh, pigeons could be marked with a series of numbers on their feathers. Students wishing to log in would be sent into the city to locate the pigeon with their designated number, attach a log-in request to the pigeon’s leg, then send the bird back to the Cathedral of Learning for administrative review. The estimated time for a successful log in with this method is about 4 months.

“We hope students feel that their school has listened to their requests and will act in their best interest,” the email continues. “We take the security of our students very seriously, and we can assure you that by the time you graduate, logging in to My Pitt will be near impossible.”