Iceberg in Greenlandic waters in June 2016. Photo: United States Department of State Bureau of Oceans and International Environmental and Scientific Affairs

Undersea cables have grown in popularity and usage in recent years, with some 380 underwater cables in operation around the world, spanning a length of over 1.2 million kilometers (745,645 miles).1)Griffiths J. (2019). The global internet is powered by vast undersea cables. But theyre vulnerable. CNN, 26 July, https://www.cnn.com/2019/07/25/asia/internet-undersea-cables-intl-hnk/index.html, accessed 17 January 2022

These cables are heavily important to the Wests national and international defense and security initiatives given the amount of business conducted through them and the services they can provide to many industries. This is illuminated by the fact that Alphabet (the parent company of Google), Microsoft, Amazon, and Meta (formerly Facebook) have all become involved in undersea cable development and are on track to become primary financiers and owners of the web of undersea internet cables connecting the richest and most bandwidth-hungry countries, according to analysts and undersea cable engineers. Yet most of these cables rest along the shores of the Atlantic and Pacific Oceans, connecting North America, Europe, Asia, and Africa.2)Mims C. (2022) Google, Amazon, Meta and Microsoft Weave a Fiber-Optic Web of Power. The Wall Street Journal, 15 October, https://www.wsj.com/articles/google-amazon-meta-and-microsoft-weave-a-fiber-optic-web-of-power-11642222824, accessed 17 January 2022

Many undersea cables are starting to advance farther north, entering the region of the Arctic circle. This past December, the US-based telecommunications company Far North Digital joined with the Finnish company Cinia to develop a 16,500 kilometer submarine internet cable [under the sea]connecting the Atlantic and Pacific Ocean through the perilous Arctic Archipelago.3)Khalili J. (2021) New submarine cable will blast data between Japan and Europe through Arctic waters. TechRadar, 22 December, https://www.techradar.com/news/new-submarine-cable-will-blast-data-between-japan-and-europe-through-arctic-waters, accessed 17 January 2022 In August, Reuters reported that the Russian state-owned telecommunications company Morsviasputnik had begun laying its first undersea fibre optic communications cable over Russias long northern coast from the village of Teriberka, on the Barents Sea, to the far eastern port of Vladivostok to supply stable internet in Arctic port towns as well as the Kamchatka peninsula and Sakhalin.4)Stolyarov G. (2021) Russia starts operation to lay undersea fibre optic cable through Arctic. Reuters, 26 August, https://www.reuters.com/technology/russia-starts-operation-lay-undersea-fibre-optic-cable-through-arctic-2021-08-06/, accessed 17 January 2022 China has also been expanding into the Arctic Circle, developing their cyber, trade, and economic capacities.5)Khorrami N. (2020) Data Hunting in Subzero Temperatures: The Arctic as a New Frontier in Beijings Push for Digitial Connectivity. The Arctic Institute, 04 August, https://www.thearcticinstitute.org/data-hunting-subzero-temperatures-arctic-new-frontier-beijing-push-digital-connectivity/, accessed 18 January

There is an increased measure of data usage coming through undersea cables, which includes sensitive and important data, and utilizes poor security measures to secure these lines from foreign actors. With this large national security threat, the U.S. and international organizations need to take action.

It is clear that many in the public see the Arctic Circle as a frozen, icy tundra when, in actuality, the region is quite imperative to international security and business. According to Scientific American climate change and an accelerating loss of Arctic sea ice during summer months have opened the possibility of northern cable routes while many nations would favor less U.S.-centric cable routes and additional backup lines to avoid U.S. surveillance and disruptions in service.6)Hsu J. (2016) An Internet Cable Will Soon Cross the Arctic Circle. Scientific American, 01 June, https://www.scientificamerican.com/article/an-internet-cable-will-soon-cross-the-arctic-circle/, accessed 17 January From an economic and political perspective, there is clearly a desire from non-Western nations to circumvent the United States and acquire their own methods of telecommunications contact.

The Center for Strategic & International Studies (CSIS) has found that threats from foreign powers (like Russia) can come in the form of cutting off military or government communications in the early stages of a conflict, eliminating internet access for a targeted population, sabotaging an economic competitor, or causing economic disruption for geopolitical purposes alongside tapping [these cables] to record, copy, and steal data, which would be later collected and analyzed for espionage. CSIS commentary also found that Russia could be able to stage cyberattacks against these data pipelines which could disrupt or divert data traffic, or even execute a kill click deleting the wavelengths used to transmit data.7)Morcos P. & Colin Wall (2021) Invisible and Vital: Undersea Cables and Transatlantic Security. CSIS, 11 June, https://www.csis.org/analysis/invisible-and-vital-undersea-cables-and-transatlantic-security, accessed 19 January

Already, Russia has been heavily involved in developing their abilities to tap undersea cables and have also been accused of playing a role in the outage of the furthest north undersea fiberoptic cable located between mainland Norway and the Svalbard archipelago in the Arctic Ocean.8)Newdick T. (2022) Undersea Cable Connecting Norway With Arctic Station Has Been Mysteriously Severed. The Drive, 10 January, https://www.thedrive.com/the-war-zone/43828/undersea-cable-connecting-norway-with-arctic-satellite-station-has-been-mysteriously-severed, accessed 17 January 2022

Publicly, it is unknown exactly how effective foreign powers are at tapping Western undersea cables, the amount of damage this can inflict upon a nation necessitates the United States take steps to protect themselves from these problems. A recent 2021 report by the Atlantic Council highlighted this issue, stating, authoritarian governments, especially in Beijing, are reshaping the Internets physical layout through companies that control Internet infrastructure, to route data more favorably, to route data more favorably, gain better control of internet chokepoints, and potentially gain espionage advantage while also describing how private companies and industry as a whole are becoming more aware of these network security risks.9)Sherman J. (2021) Cyber defense across ocean floor: The geopolitics of submarine cable security. Atlantic Council, 13 September, https://www.atlanticcouncil.org/in-depth-research-reports/report/cyber-defense-across-the-ocean-floor-the-geopolitics-of-submarine-cable-security/#introduction, accessed 17 January 2022

These efforts at defense may come in the form of international law and policy, and joint efforts at stopping intrusions.

Simply put, the U.S. government needs to take immediate and intense action. Writing for DefenseNews, Nadia Schadlow, a senior fellow at the Hudson Institute and former Deputy National Security Advisor for strategy, and Brayden Helwig, an intern with DefenseNews, are that, First, the U.S. government should take more responsibility for repairing undersea infrastructureClassifying cable repairs as matters of national security and developing a public-private operational plan that includes a division of resources to repair them is one step toward reducing the response time to a disruption or an attack in addition to creating tax incentives for private industry to secure cable landing stations, while investing in technologies that detect and deny undersea espionage.10)Schadlow N & Brayden Helwig (2020) Protecting undersea cables must be made a national security priority. DefenseNews, 01 July, https://www.defensenews.com/opinion/commentary/2020/07/01/protecting-undersea-cables-must-be-made-a-national-security-priority/, accessed 17 January 2022

Tactics like what has been described by Schadlow and Helwig would assist in better protecting the United States from cyberattacks and undersea threats by foreign actors, while also helping the international community by assisting the private sector, which controls most of these cables.

From an international perspective, there is a great need for more legal statutes governing undersea cables and the threats posed to these systems, as their jurisdiction in somewhat of a gray area. Garrett Hinck, a PhD student at Columbia University, wrote about this in 2017 for the Lawfare blog. Hinck finds that with regards to underwater cable law, despite the existence of both the 1884 Convention on the Protection of Submarine Cables and the 1982 U.N. Convention on the Law of the Sea there is very little that governs the usage of undersea cables in wartime or when damaged. He writes that, relatively little attentionhas focused on the legal frameworks that govern the networks of glass and steel that form the literal backbone of our internetIn practice, the lack of legal disputes involving attacks on cables leaves their legality uncertain.11)Hinck G. (2017) Cutting the Cord: The Legal Regime Protecting Undersea Cables. Lawfare, 21 November, https://www.lawfareblog.com/cutting-cord-legal-regime-protecting-undersea-cables, accessed 19 January 2021

Establishing a clear and official set of international guidelines for how undersea cables operate within wartime or in regards to international threats by both state and non-state actors is imperative to better securing them from threats, not only those of national security importance, but also those of human security importance.

In terms of joint cooperation, this can come across primarily in the form of government-private sector collaboration and interstate cooperation. CSIS, in their brief of undersea cable security, advocated for the U.S. government to conduct bilateral confidential dialogues with its main European partners, in particular, the United Kingdom and France, to exchange information on their threat perspective and analysis, their respective cable projects, and the national measures implemented to protect them while NATO should work on a collective assessment of both the potential vulnerabilities to undersea cables in the Euro-Atlantic region and the implications of disruptions for allied operations.12)Morcos P. & Colin Wall (2021) Invisible and Vital: Undersea Cables and Transatlantic Security. CSIS, 11 June, https://www.csis.org/analysis/invisible-and-vital-undersea-cables-and-transatlantic-security, accessed 19 January

From a private sector-government standpoint, Schadlow and Helwig in their article for DefenseNews also argue for private industry tax incentives to secure cable landing stations, while investing in technologies that detect and deny undersea espionage.13)Schadlow N & Brayden Helwig (2020) Protecting undersea cables must be made a national security priority. DefenseNews, 01 July, https://www.defensenews.com/opinion/commentary/2020/07/01/protecting-undersea-cables-must-be-made-a-national-security-priority/, accessed 17 January 2022 Pierre Morcos and Colin Wall, writing a commentary for the Center for Strategic and International Studies, note, national governments should also ensure that operating companies implement the highest standards. As a first step, allies should encourage operators to adhere to voluntary guidelines, most notably those provided by the International Cable Protection Committee (ICPC), an industry forum for cable owners and some governments that develops standard procedures If voluntary standards fail to incentivize companies to invest adequately in cybersecurity, allies should consider defining mandatory requirements, as recently decided in the United States for oil and gas pipelines following the ransomware attack against Colonial Pipeline.14)Morcos P. & Colin Wall (2021) Invisible and Vital: Undersea Cables and Transatlantic Security. CSIS, 11 June, https://www.csis.org/analysis/invisible-and-vital-undersea-cables-and-transatlantic-security, accessed 19 January

These forms of defense against state actors would greatly bolster the overall national security framework of the West. They would allow companies, global powers, and international organizations to deter hostile state actors like Russia and China while improving global security. Furthermore, they would allow for clarity going forward in terms of the open sea, the Arctic Circle, and international law while also preserving the Arctic Circle for purely business and scientific development as opposed to military action.

The Arctic Circle is a key resource for wealth, having an abundance of oil and gas in addition to being valuable territory for fishing and scientific exploration. With undersea cables, they provide economically beneficial routes for faster data accumulation while allowing for an increased ability to share information, conduct business deals, and communication between governments and the private sector. Undersea cables require protection from hostile state actors and non-state actors who see these cables as a way to advance their own geopolitical goals. By strengthening international law, having governments join with the private sector and other friendly governments, and making a stronger cybersecurity program, the Arctic Circles undersea cables will be more effectively protected from harm and allow for a peaceful sharing of information.

Alan Cunningham is a graduate of Norwich University and the University of Texas at Austin, attaining an MA in International Relations, a BA in History and a BS in Radio-Television-Film respectively. He plans to join the U.S. Navy as an Officer in 2022 and has worked in both the fields of finance and journalism, focusing on international/national security, military affairs, and foreign policy. He has been published in the Jurist, Security Magazine, ModernDiplomacy, and The Diplomat among others.

See more here:
Underneath the Ice: Undersea Cables, the Arctic Circle, and International Security - The Arctic Institute

MCLEAN, Va., March 29, 2022 (GLOBE NEWSWIRE) -- GTT Communications, Inc., a leading global cloud networking provider to multinational clients, has announced its partnership with Arc Solutions, a provider of integrated network solutions in the Middle East, to consolidate and expand GTTs service reach across the Middle East. Underpinning the partnership is a network-to-network interconnect (NNI) between GTTs global Tier 1 network and Arc Solutions Middle East network at the Datamena facility in Dubai.

The new partnership creates better economies of scale for GTTs enterprise service offering in the Middle East, which includes internet services and managed SD-WAN, leveraging Arc Solutions point-of-presence locations in UAE, Bahrain, Oman, Saudi Arabia, Israel and Pakistan. With this enhanced service footprint, GTTs enterprise customers can lower their total cost of ownership with service requirements in the region, gain improved network visibility and realize more consistent performance.

We are continuously seeking opportunities to expand the reach of our global IP network to meet demand while we also focus on ways to operate it more efficiently to benefit our customers, stated Don MacNeil, GTT COO. Our network and data center provider partners are an important element of our value proposition, and we are pleased to partner with Arc Solutions to strengthen our service offering in the Middle East region, which includes secure internet and software-defined wide area networking solutions.

We are excited to partner with GTT, combining our expanding Middle East footprint with one of the worlds largest Tier 1 IP networks, stated Mahesh Jaishankar, CEO at Arc Solutions. The positive synergy of our global ISP partnerships brings substantial value to customers that are seeking a service provider with strong coverage in the Middle East as well as the rest of the world.

According to industry research firm TeleGeography, international internet traffic to the Middle East has tripled between 2017 and 2021.1

About GTT

GTT provides secure global connectivity, improving network performance and agility for your people, places, applications and clouds. We operate a global Tier 1 internet network and provide a comprehensive suite of cloud networking and managed solutions that utilize advanced software-defined networking and security technologies. We serve thousands of businesses with a portfolio that includes SD-WAN and other WAN services, internet, security and voice services. Our customers benefit from a customer-first service experience underpinned by our commitment to operational excellence. For more information on GTT, please visit http://www.gtt.net.

About Arc

Arc is a provider of integrated network solutions that simplify connectivity to networks, data centers, cloud and interconnect platforms across the Middle East. We put customers and partners in control of their connectivity and enable them to seamlessly and rapidly deploy connectivity solutions to serve their end customers. Our purpose-built regional network and our interconnections to a large and expanding portfolio of partners and suppliers are designed so that we can quickly build the right solution for our customers. As an independent provider with backing from two of the most trusted telcos in the region, Batelco and EITC (du), Arc is led by a team of experts with a track record of success in serving regional and global businesses in the Middle East. Our vision is a highly interconnected Middle Eastern market that accelerates how network-centric businesses optimize, grow and innovate in connectivity and digital services. For more information, visit http://www.arcsolutions.me.

GTT Media Inquiries:Ed Stevenson, LEWIS+44-207-802-2626gttuk@teamlewis.com

GTT Investor Relations:Charlie Lucas, GTTVP of Financeinvestorrelations@gtt.net

1 Based on peak traffic. Global Internet Geography Report. TeleGeography. 2021.

Read more here:
GTT Forges Partnership With Arc Solutions for Enhanced Connectivity in the Middle East - GlobeNewswire

Since the beginning of Russias full-scale invasion of Ukraine on February 24, the nations internet has become increasingly detached from the rest of the world. This shift is being driven by both western tech firms ending their services in Russia and by the Kremlin itself, which has been tightening its grip over the information its citizens can access.

Recently, NATO has increasingly accused Russia of cyberattacks and misinformation campaigns, with threats of retaliation if they continue. As a result, the Kremlin has perceived an increasing urgency to guard its internet against servers outside of its control.An isolated Russian internet may sound like a drastic and damaging step, but it is one that the country has been anticipating for some time.

As early as 2010, Russia launched its own operating system in an effort to reduce its dependence on Microsoft products. In 2017, the nation announced plans to create its own Domain Name System (DNS), which acts as a phonebook for cataloguing internet domain names. DNS root servers are currently overseen by 12 different organizations, but none are based in Russia. Even further, the Kremlin had begun to force tech companies like Facebook and Google to store data on Russian citizens inside Russia, for easy access by state officials.

Subscribe for counterintuitive, surprising, and impactful stories delivered to your inbox every Thursday

In 2019, President Vladimir Putin signed into law a plan to create an independent Russian internet space called RuNet. Under this plan, internet providers would be forced to reroute traffic to state-approved exchange points, which are managed by telecom watchdog Roskomnadzor. This would allow the Russian internet to continue operating even if their servers were cut off from the rest of the world.

The plan didnt come to fruition immediately, and was further delayed by the Covid-19 pandemic in 2020. But between June and July 2021, Russia conducted a test of a fully isolated RuNet, involving all major telecoms firms in the country. From the outside, it wasnt immediately clear how long this disconnection lasted, or if it had any significant impact on internet traffic. Still, the Kremlin deemed the experiment a success.

Under the legislation signed by Putin, Roskomnadzor was given sweeping controls over how Russias citizens can use the internet. Immediately, critics became concerned that a completely isolated RuNet would allow the Kremlin to massively ramp up its efforts in surveillance and censorship.

At the time, it wasnt clear whether Russia was actually planning to isolate its internet in the near future. But since the beginning of Russias full-scale invasion of Ukraine, that may have now changed. Over the past few weeks, the Kremlin has blocked access to Facebook, Twitter, and international news sites, on which Russian internet users could read and share information not approved by the Kremlin.

While this has generated a surge in demand for VPN apps, Roskomnadzor has ordered Google to remove tens of thousands of VPN-related search results, making it far more difficult for internet users to circumvent these barriers.

The dismantling of Russians access to information hasnt been triggered entirely by Russia itself. As western nations move to place the harshest possible sanctions on Russia, its citizens are seeing a steady decline in online services such as Facebook, Twitter, global news sites, and streaming services like Netflix and Amazon Prime Video. Some western internet providers, including the US-based Cogent, are even cutting off their Russian customers entirely.

In contrast, some organizations, including the digital security company Cloudfare, maintain the view that ending services for Russian customers will only make it harder for them to access outside information. This may only accelerate the ability of Russias government to isolate and control its internet further.

Ultimately, the situation places western tech firms in an extremely difficult position, with no clear solution for now. On one side, pulling out of Russias internet could diminish its ability to unleash cyberattacks and misinformation campaigns. On the other, the move could accelerate the isolation of RuNet, and strengthen the Kremlins control. For Russias citizens, this can only make it far more difficult to access the resources they need to oppose their governments actions.

Here is the original post:
How pulling out of Russia's internet could further isolate its citizens - Big Think

Image: Adobe Stock

Security of networks and systems is something every business and administrator should take very seriously. After all, without solid security policies, plans and tactics in place, it wont be long before youre recovering from a disaster that could leave your data exposed to neer-do-wells (or worse).

Anyone in this industry fully understands that its only a matter of time before a company has to deal with a security breach. But anything and everything you can do to mitigate such a situation should be considered a must. To that end, what tools should your admins know about to keep your company, systems, users and data safe?

SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)

I have a shortlist of five types of tools your admins must know (and use) to keep tabs on your desktops, servers and networks. With this list, you should be able to piece together a toolkit thats perfectly suited to help fill out a solid foundation of security for your company.

With that said, lets get on with the list.

Pentesting tools (a.k.a. penetration testing tools) are an absolute must for gauging the security of your systems. These tools mimic various types of attacks on your devices to see if they can break through the defenses youve set up. These tests will reveal vulnerabilities you otherwise might not have ever known about. If your company doesnt already employ a pentester (otherwise known as an ethical hacker) this is a position you should definitely consider bringing in. Why? Because admins might not have time to learn the ins and outs of pentesting, nor might they have the time to run these types of tasks regularly.

There are quite a large number of pentesting tools (such as Metasploit, John the Ripper, Hashcat, Hydra, Burp Suite, Zed Attack Proxy, sqlmap and aircrack-ng), however, your best bet might be to use a full-blown operating system geared specifically for penetration testing (such as Kali Linux), which will include most of the pentesting tools youll need for successful vulnerability tests.

Although a good pentesting distribution will include most of what you need to do vulnerability assessment, you might not have someone on staff with the knowledge or skills to use those tools. In that case, you could turn to a security auditor/vulnerability assessment tool. Where pentesting allows your admins to run very specific tests against your systems, these tools are more general and will run wide, sweeping tests against your operating systems and installed applications for vulnerabilities.

One of the benefits of auditor/assessment tools is that many of them will report back to you with ways you can resolve the issues at hand. Some auditor/vulnerability tools will even display what CVE vulnerabilities it has found (which will allow you to do further research into how the issue(s) can be resolved. A shortlist of security auditor/vulnerability assessment tools include Nikto2, Netsparker, OpenVAS, W3AF, OpenSCAP, SolarWinds Network Vulnerability Detection, Tripwire IP360, Nessus Professional, Microsoft Baseline Security Analyzer, Acunetix, ManageEngine Vulnerability Manager Plus and Intruder.

For those whove never scanned a network, youd be absolutely shocked to see how much traffic is coming and going on your network. Most of that traffic is probably legit but not all of it. How do you tell which is which? One way is by using a network scanner. These tools make it possible for you to not only view all of your network traffic but also track specific packets, watch only certain machines, or source/destination IP addresses.

A network scanner is an absolute must for any security administrator looking to keep their network as secure as possible. Although these tools wont suggest fixes or reveal software vulnerabilities, they do a great job of helping security pros track down systems that have been targeted by hackers and (sometimes) can help lead you to the source of the hacking. Some of the best network scanners include Wireshark, nmap, Site24x7 Network Monitor, PRTG Network Monitor, Angry IP Scanner, IP Scanner by Spiceworks.

SEE: Best Encryption Software 2022 (TechRepublic)

A firewall should be considered an absolute must. With a firewall on your network, you can block specific traffic (coming or going), blacklist certain IP addresses or domains and generally prevent unwanted traffic/packets from entering your systems. Of course, most operating systems include their own firewalls but some of those are either too complicated or not powerful enough to meet the growing needs of your company. Should you find that to be the case, you might consider deploying a firewall device, built specifically to protect your network.

Although these devices can be costly, the results they deliver are often worth the spend. For enterprise businesses, a firewall becomes even more important (especially with sensitive company/client data housed within your network). The best firewall devices on the market include Cisco ASA, Fortinet FortiGate, Palo Alto Networks Next-Generation PA Series, Cisco Meraki MX and Zscaler Internet Access.

Intrusion detection is exactly what it sounds likea tool to alert admins when an intruder has been detected within a network or system. Many of these types of tools go beyond simple alerts and will automatically lock out suspect IP addresses (for instance, after X number of failed login attempts).

Intrusion detection systems monitor network traffic for suspicious activity and act according to how theyve been configured. These automatic systems are a great first line of defense against hackers, but shouldnt be considered the be-all-end-all for your security. Deploy an IDS and let it do its thing, but understand that every piece of software is fallible (ergo, youll want to employ other forms of security). However, having a good intrusion detection system working for you is an absolute must as the first line of defense. Some of the best IDSs include CrowdStrike Falcon, Snort, Fail2Ban, AIDE, OpenWIPS-NG, Samhain and Security Onion.

Read the original post:
5 types of cybersecurity tools every admin should know - TechRepublic

Ithaca College staff, students and faculty can expect to find an extra step when logging into Zoom and Formstack Forms. Duo Multi-Factor Authentication (MFA) will now be required to prevent accounts from being compromised.

The changes were announced over Intercom, with Zoom requiring Duo MFA on March 17. Formstacks Duo MFA implementation was originally scheduled for March 16, but was pushed back to March 21. When logging in, students will now be expected to answer a phone call or go into the Duo app in order to log into Zoom. Ithaca College is one of more than 300 educational institutions that uses Duo MFA for its programs.

MFA is an electronic authentication method that is gaining popularity with companies including Bank of America, Facebook and Microsoft. For security purposes, it requires users to use two or more identity verification factors in order to gain access to a website or application. This multi-step verification process helps to reinforce security, while usernames and passwords remain vulnerable to cyber-attacks and being stolen by third parties.

While Zoom was highly utilized during the COVID-19 pandemic, it also experiences a form of cyber-attack known as Zoombombing, a practice in which internet trolls hijack calls inserting lewd, obscene, racist, misogynistic, homophobic, Islamophobic or antisemitic material. Zoombombings have occured during classes at the college in the past. Proven methods to prevent this include not sharing Personal Meeting IDs when hosting public events, asking users to provide their email address when registering for an event and MFA.

At IC, we will continue to add Duo protection to systems wherever login is required, while also continuing enhancements to our single sign-on systems to reduce how often individuals are prompted to authenticate, Jason Youngers, information security officer for Information Security and Access Management said via email.

While there have been no immediate threats to security in these programs, David Weil, chief information officer for Information Technology, said the changes were made because of MFAs ability to deter hacking and to better protect all student, staff and faculty accounts.

It really has been shown to be a very strong deterrent to having an account be compromised, Weil said. And industry best practices is really recommending that wherever possible, you should put MFA in front of all logins it really is another layer of protection.

Duos move to Zoom and Formstack was news to some students. Senior Nicholas Isaacs said he was surprised to find out that he would be required to use Duo to log into Zoom. For Isaacs, the change is not entirely welcome.

I just think its too many extra steps, Isaacs said. I think that both platforms have enough security but I can see why the college is doing it. But from a practical standpoint, its really not the best.

For some students, the process of logging in with MFA is tedious. Whenever sophomore Devan Adegbile was without her phone, she said logging into websites became more difficult.

Sometimes I just quickly want to look something up [on Degree Works] on my computer and I need to get my phone, but its all the way in a different room, so its a little inconvenient for me, Adgebile said.

Isaacs similarly said the process of moving between computer and phone to login has created problems for him in the past. In one instance, Isaacs said he was unable to login because his phone had died and he was not able to access Duo Mobile.

Theres been cases where my phones been off and [I] havent been able to get in, Isaacs said. I have to charge my phone before I can get in and I just couldnt get into the account, so that was a big inconvenience. But other than that, if you have your phone on, then maybe [logging in is] 30 seconds more at most.

Duo offers a way to speed up the login process by allowing users to remain logged in for 90 days. Whenever a user is asked to use Duo, Weil said it was to ensure the person using the device is who they say they actually are.

On my computer that Im using right now, I have not been asked to use Duo at all today, Weil said. If I were to use a different machine, its going to be Oh, I dont know who you really are, let me challenge it. I know it can be a little frustrating, but its using intelligence behind the scenes its not just arbitrarily asking.

For sophomore Jesus Burgos, using Duo is just another part of his login process which is why he said he did not mind the addition of Duo to Zoom and Formstack. Instead, he saw it as an opportunity to further prevent Zoombombings.

If you get hacked or if someone knows your password, that doesnt mean theyre going to be able to get into your account, Burgos said. I hope that people here are more mature and that [Zoombombings] wouldnt happen in Zoom meetings and at Ithaca College.

More:
Cyber security expands at IC with Duo authentication - Ithaca College The Ithacan