In a recent press release, Columbia University Information Technology (CUIT) announced that in the coming days, the current two-factor Duo Security system will be revamped to a cutting-edge four-factor authentication that will include both a CAPTCHA and a retinal scan.
“Hackers want your passwords,” the release said. “And Duo Security is just not cutting it”.
The CAPTCHA move is reportedly motivated by research from Harvard University that has shown that despite AI’s capabilities, when asked to complete the task of choosing all the squares containing photos of school buses, it is immediately stopped in its tracks. To that end, users will have a choice between identifying blurry photos of traffic lights, vehicles, or road signs. CUIT also indicated that a puzzle piece dragging feature is currently in beta and expected to be rolled out within the next couple of weeks, though The Federalist’s sources indicate that robots are reportedly “getting the hang of that one.” As for the retinal scan, the rationale is unclear.
The move presumably comes in response to the cyberattack on Columbia IT infrastructure this past August. While only time will tell if the measures will prove effective, the campus is already divided on the issue, particularly among students without perfect vision. “The eye scan literally does not work if you have contacts on,” said Alex Ching, SEAS ’28, in an interview with The Federalist. “So I have to physically take them off and put my face two inches away from my webcam, and even that only works like half the time. I feel embarrassed trying to open Canvas when I’m in public.”
CUIT also noted that they would be restructuring the often-defunct “Remember me for 24 hours” feature. Users will now receive a phone call from Duo and be asked several security questions to downgrade to two-factor authentication.
“We will not be intimidated by hackers,” wrote CUIT in the closing lines of the release, “and we will not hesitate to deploy 15-factor if we are given reason to.”
CUIT seems to have forgotten to reply to The Federalist’s request for comment.
