>A thoughtless edict in favor of some bullshit enterprise definition of “security” that disenfranchises or inconveniences students every time they try to pay their tuition or view their grades or register for classes is unacceptable. It doesn’t matter what percentage of students it inconveniences unfairly — Multi-Factor Authentication should be optional, like it is everywhere else.<p>I disagree here. A university's cloud is a resource with different security requirements from "everywhere else". Even as a student, your login probably grants access to things like a directory of every student and faculty member, selectively shared files on GDrive or OneDrive, access to university networks through VPN, and an institutional email address that can be abused to obtain other privileged information. A university is completely justified in making security choices for the student in order to protect other students, faculty, and staff.<p>Of course, they ought to get it right, and there seem to be valid concerns about Duo.