Two-Step Outlook Verification Process Creates Inconvenience for Students

After a cyber security update from the Office of Technology (OIT), students have been logged out repeatedly from their Microsoft Outlook accounts. Students must undergo a two-step verification process using both their password and either a text confirmation code or a call from their cell phone when they close and reopen the emailing platform. 

OIT emailed the Andover Community on November 2, explaining that this is common to all applications to which community members must log in using their Andover credentials, including Canvas, Slate, and PAnet.  

According to Nancy Alpert, Director of Information Technology, the OIT implemented these features to focus on increasing security, primarily around web access. Alpert said that one way to avoid logging in as frequently is to download Outlook Client. 

“We try to improve our security around email and some of our other systems, and one of the options was to make some changes in the way web access works. If you go to a public machine, say you’re in a lab, and you go into your email, then forget to close it out properly, this will help with the security around that. If you download the Outlook Client instead of using the web, you don’t get prompted as often. It uses different security mechanisms so you only get prompted on a less frequent basis,” said Alpert. 

Melinda Wu ’25 believes that the new multi-factor authentication process disrupts the daily lifestyle of students, making it inconvenient to perform actions that students frequently need to do, such as checking Outlook. She added that the school could better the system by requiring outside authentication less frequently. 

“I don’t think [the two-step security verification] is fully necessary, especially because a lot of the time [the system] ends up signing you out. Sometimes if you’re in the middle of a session, or maybe let’s say you sign in once earlier in the day, it’ll sign you out later. I think security checkpoints are definitely important. Perhaps if you only need to do it when you add a device or if you sign in from a new device, I think that would definitely change a lot, or at least solve a lot of the problems with people who are worried about security and convenience,” said Wu. 

Part of the motivation behind the recent changes in the security of logging into student emails was the emphasis on security of student accounts and information. Helios Hong ’25, who experienced multiple cyberattacks to his social media platforms, appreciated the efforts that Andover is making to ensure the security of student accounts. 

“I have been hacked on many social media accounts many times and I think that having this two-step verification and identification every one or two days is actually really helpful to increase cybersecurity. Cybersecurity is definitely an issue, especially at a school as large as Andover, and the privacy of students is very important. I think it doesn’t really matter what measure we take; if we can get that security, I think it is good,” said Hong.

Despite deeming the security update as an inconvenience, Jacob Kaiser ’24 said he has grown used to the log-in process. However, Kaiser elaborated on his lack of understanding behind the security measures. 

To be completely honest, I’ve kind of developed a routine when it comes to the two-factor authentication [system]. It’s become rather easy to just type my email, my password, and then have it text my phone, but I still do see it as an inconvenience. I don’t necessarily see the need for such heightened security. I don’t really know where a malicious attack could come in that regard,” said Kaiser. 

Kaiser also suggested a possible solution. He voiced a hope that a newer update by OIT could allow students to customize their settings and choose to stay logged in on certain browsers or devices to reduce the amount of needed login confirmations.

“It’s… the people in [OIT] or at Andover that are kind of facilitating these changes, and I think if they give us the option to allow ourselves to stay signed in on a certain browser, I know that’s an option with some platforms to stay sign in on perhaps, you know, Chrome on your computer or wherever, on your phone, etc., that would be very helpful, because, you know, I guess for a new sign in, it’s warranted, but otherwise it feels just a little annoying and extraneous,” said Kaiser.

Although a notice was initially posted on Andover’s PAnet announcing the upcoming changes, not many people were prepared for the changes or saw the notice, according to OIT in their email to the campus community. Alpert hopes to continue to take suggestions and improve the convenience of logging in while continuing to prioritize the security of Andover accounts. 

“There’s tons of opportunities to improve security all the time and it changes over time too. So we’re looking at some different ways of improving security that will make it easier too, we always want to make the experience better. Over time things will continue to change, and I think we need to do a better job at sharing that information to people,” said Alpert.