Purdue's Two-Factor Authentication System, BoilerKey

BoilerKey—Purdue’s attempt at two-factor authentication. Not only was it not well-thought through, but ITaP also offered very little support for it, all while forcing it on all students and faculty on the same day. Typically, two-factor authentication is a very helpful feature. However, Purdue’s implementation of it has served to not only confuse students and faculty but also has reduced security in some ways. By using PIN,push, the complexity of your password is significantly hindered, from at least 8 letters/numbers/symbols down to only 4 numbers.

In almost any other implementation of two-factor authentication, users have an app on their phones that generates six-digit one-time passwords. These are used in combination with your pre-existing password. When logging in, you enter your username and password like usual and then are prompted to enter the six-digit one-time password. This serves to add to the existing security. Although this is only anecdotal evidence, it seems to me like I’ve received significantly more spam emails from clearly hacked Purdue accounts, after BoilerKey was implemented.

With BoilerKey, users are asked to replace (but not entirely, more on that later) their password with a flimsy, four-digit PIN. In addition, all people must do is tap a notification on their phone, instead of purposefully opening an app. In the defense of BoilerKey, this is easier than opening an app and typing in the six-digit one-time password. However, this may also serve to reduce security, as most college students would just instinctively press the “Allow” button without thinking. The nice time-saving measure is quickly nullified, however, as you must use BoilerKey every time you log in. With most other two-factor authentication implementations, you’ll stay logged when using the same device.

This brings me on to my next point, which is that BoilerKey isn’t ubiquitous across places where your Purdue Career Account credentials are used. Some platforms use it, and others don’t. For example, logging into your email or a campus computer doesn’t require BoilerKey, but logging into most other products do. This is very confusing for users, as Purdue has not made it clear where we need to use BoilerKey and where we need to use our normal career account password.

In conclusion, BoilerKey has been a big disappointment to many and has seemingly managed to make the phishing problem on campus worse than it already was, despite its goal to do the complete opposite.

Comments

Why Professional Writing?

How did I end up here? As I've gotten closer to graduating from college, I've had people ask me how I ended up on the path that I'm on and why I made the decisions that I did. It still makes me laugh a bit when someone asks me those questions because truthfully, I've never felt like I knew what I was doing. The short answer is that I continually made decisions that I thought would make me happier in the long run. When I applied to Purdue, I already knew I didn't want to go there. No offense, Purdue, but I grew up in West Lafayette, Indiana, and I'd promised to my parents for eight years that I would be moving away for college. To my utter dismay, after all of the college applications had been submitted and returned, I found myself needing to make a decision between going to an out of state college (my dream) and taking out student loans, or staying here and graduating debt-free. I'm here, so obviously I chose the latter. Applying to the Professional Writing ...

Writing Professionally Outside of Professional Writing

In an earlier entry, I noted that one of my vivid memories from my time in professional writing comes from the ironic realization that I was doing very little writing throughout one of my courses. Instead, this computer-aided publishing class mainly focused on the design of text and other content that already existed, with the actual writing in the class dealing with the decisions that went into the creation or modification of any presented design. In a sense, this course therefore focused more on the overall user experience of a document—how the user would view all the words and paragraphs and content as a whole—rather than how one would create the technical written elements that were necessary to form the document in the first place. Perhaps to balance this out, then, I want to discuss a recent writing experience that I find to be almost thematically opposite. One of the classes I took this semester was Purdue’s software engineering class, described on the university’s catalog as an ...

Virtual Learning Presents New Distractions for Elementary Students

College students aren't the only ones using Zoom. For those of us in the academic world without children, it easy to forget that elementary students were also asked to adjust to this new e-learning way of life. Unfortunately, though, many of their questions remained unanswered when their world began changing so rapidly. This post will explore the thoughts and feelings of one current 4th grader. For privacy reasons, her name has been changed. A 4th grader's personal anecdote. In March 2020, two days before the elementary school shifted entirely to virtual learning, Sarah's father took her out of school and told her she would not be returning until the COVID-19 pandemic was under control. Sarah, who was still in 3rd grade at the time, did not understand what was going on, but she understood that, as her father said, she probably would not be returning to school for a while. The following Monday, Sarah received all of her textbooks and a Chromebook in the mail. Her teach...

Purdue RxA

Search This Blog