NYU updates login system, students left unimpressed
Over the past 10 days, students logging in to Brightspace or Albert may have noticed an unfamiliar sign-on screen. The universitywide change, which applies to all of NYU’s 100-plus online services, is part of a broader IT initiative to “strengthen security and streamline access.”
Users are now required to enter their NetID email addresses with the domain suffix — @nyu.edu — in order to gain their one-stop-shop access to university portals such as NYU Home, NYU Google services and NYU Wi-Fi. The university’s Global Office of Information Security notified students, faculty and administrators of the change — part of its wider Identity and Access Management infrastructure update — over an email last Thursday.
“To put it bluntly, NYU’s Identity and Access Management infrastructure is large and complex,” Richard Sparrow, associate vice president of global university chief information security and privacy officer, wrote to WSN in a statement. “The move to a new SSO system has unified earlier systems into a single platform, thus reducing NYU’s vulnerability to attacks.”
In order to establish a centralized channel for users to access their NYU accounts and data, the university has adopted Entra ID, Microsoft’s “state-of-the-art” access management software, as part of the IAM modernization. The system, which facilitates login controls, digital tools and applications, will replace the previously NYU-owned cloud network domains, auth.nyu.edu and shibboleth.nyu.edu. Single sign-on passwords and multi-factor authenticators will remain unchanged, according to the email.
CAS sophomore Michelle Zhang told WSN that NYU’s email didn’t thoroughly explain the university’s larger plans to enhance its cyber security. The extra steps added to the new login have yet to make her feel more assured about data security.
“I don’t like my data being out there, but I also don’t know what to say,” Zhang said. “It’s like you’re using your email instead of your NetID. I don’t know how much that’s gonna help my information.”
Data from over three million students and unenrolled applicants’ was exposed on NYU’s website for two hours in a data breach incident in March. The hackers posted sensitive information available for public download, including social security numbers, names, zip codes and GPAs, on the university’s website, which cybersecurity experts told WSN could have sold on the dark web for “tens of thousands of dollars.” NYU was subsequently hit with over 10 class action lawsuits where the plaintiffs received up to $1,000 in compensation.
Universities across the country have faced data leaks by unauthorized users in the past few years, with the education industry named as one of the most exploited in data breaches globally. Most recently, students at the University of Pennsylvania received emails that threatened to leak their data, which came just two weeks after the school rejected President Donald Trump’s compact to eliminate diversity hiring and freeze tuition, among other demands.
Sparrow said the new platform implementation will lower the university’s vulnerability to cybersecurity breaches, adding that the school plans to add password-free and multifactor login processes — where users will be required to input more than one form of verification such as password, a fingerprint and an authenticator app.
“I feel like it was completely useless and there’s no point of having it at all,” CAS first-year Davin Doan said. “I feel like just adding a new front-end like application won’t do much because it still asks for the same thing.”
Contact Kaitlyn Sze Tu at kszetu@nyunews.com.
This story NYU updates login system, students left unimpressed appeared first on Washington Square News.
