Purdue's Two-Factor Authentication System, BoilerKey

BoilerKey is Purdue’s attempt at two-factor authentication. Not only was it not well thought through, but ITaP also offered very little support for it while forcing it on all students and faculty on the same day. Typically, two-factor authentication is a very helpful feature. However, Purdue’s implementation has not only confused students and faculty but has also reduced security in some ways. With the “PIN,push” login format, the complexity of your password is significantly reduced, from at least 8 letters/numbers/symbols down to only 4 digits.

In almost any other implementation of two-factor authentication, users have an app on their phones that generates six-digit one-time passwords. These are used in combination with your pre-existing password. When logging in, you enter your username and password as usual and are then prompted to enter the six-digit one-time password. This adds to the existing security. Although this is only anecdotal evidence, it seems to me like I’ve received significantly more spam emails from clearly hacked Purdue accounts after BoilerKey was implemented.

With BoilerKey, users are asked to replace (but not entirely, more on that later) their password with a flimsy, four-digit PIN. In addition, all people have to do is tap a notification on their phone, instead of purposefully opening an app. In BoilerKey’s defense, this is easier than opening an app and typing in the six-digit one-time password. However, it may also reduce security, as most college students would just instinctively press the “Allow” button without thinking. The time saved is quickly nullified, however, as you must use BoilerKey every time you log in. With most other two-factor authentication implementations, you stay logged in when using the same device.

This brings me to my next point, which is that BoilerKey isn’t used consistently across the places where your Purdue Career Account credentials are used. Some platforms use it, and others don’t. For example, logging into your email or a campus computer doesn’t require BoilerKey, but logging into most other products does. This is very confusing for users, as Purdue has not made it clear where we need to use BoilerKey and where we need to use our normal career account password.

In conclusion, BoilerKey has been a big disappointment to many and has seemingly managed to make the phishing problem on campus worse than it already was, despite its goal to do the complete opposite.
