Remove OKTA and Relax the Monash User Authentication Procedure

0 have signed. Let’s get to 1,000!

Throughout my education at Monash University, my learning has been significantly inhibited by frustrating and excessive user authentication requirements I have been forced to comply with. Originally students were required to change their password every 6 months - a nonsensical requirement for technologically literate University students that know how to keep their passwords safe. In my experience, most student combated this requirement by simply incrementing a number in their password, defeating the procedures purpose entirely.

Recently, the problem has been amplified by the introduction of 'Okta' and the forced implementation of 2FA. This change was accompanied by a bombardment of repetitive and aggressive emails asking us to move to the new platform. Okta is inconvenient, bothersome, and frankly unnecessary. For reference, the 'Okta Verify' students and staff alike have been forced to download to continue accessing Monash's online systems has a score of only 1.3/5 on the app store, making it one of the most unpopular large business apps on the platform. The 'Push' notifications it apparently sends, still require people to open the app. Students who are also staff are impacted especially badly - as they must constantly switch between accounts, and can't 'stay logged in', so they are constantly exposed to complying with the 2FA.

Monash University's authentication procedures are more elaborate than those of even major financial institution or government platforms (which have optional 2FA, and easy pin app access) where people's vital information and life's savings could be exposed. I put forth that no Monash resource requires this amount of security, especially since students primarily use non-security critical resources such as the timetable or Moodle resources. A better alternative would be to even just implement 2FA for confirmation of security critical activities - eg course enrollment, which students would oft only access once per semester, and hence would not inhibit their learning like the current system does.