Last spring, while trying to log into Health and Wellness Services’s patient portal for a blood work appointment, I was presented with the following message:
(characters such as * & $ % ‘ < > ! # may not be used in your Password)
So I changed passwords. Had I known what I was doing, I would have gladly remained locked out of the patient portal and not gotten my blood test done, as doing so forced me to sign up early for the privilege of using Okta.
Okta is the new third-party multi-factor authentication (MFA) service used by the College to secure our Google accounts. Apparently, it will soon be linked to more services; the Office for Information Technology (OIT) website says, “You will see more apps appear in the dashboard as OIT integrates them with Okta.”
Okta provides the College with a management system for user credentials and a website (sso.williams.edu) through which students enter said credentials and are then redirected to Google Workspace sites. By default, in order to verify their identities, users must use the Okta Verify app on their phone to complete MFA.
Our issue, first and foremost, is with mobile app-based MFA as a whole, which, to be fair, is so ubiquitous that it is not entirely the College’s fault but rather a symptom of the first world’s recent obsession with delegating more and more practical tasks to mobile devices. App-based MFA not only encourages but requires 24/7 cell phone access; other examples include required text message verification, QR code menus at restaurants, and remote check deposit systems. While there is nothing intrinsically wrong with these features, their requirement is a huge inconvenience for people trying to minimize maladaptive phone usage in an age where it often does more harm than good.
More pertinent to the College, however, is the irritating inefficiency of Okta’s log-in website. For most students, it is a minor inconvenience: a slow website making the log-in process slightly more unpleasant. Even when functioning perfectly, the Okta servers usually take over five seconds to complete the login process. For us and a few others running quality-of-life or privacy-enhancing browser extensions, it has forced us to choose between abandoning our technology preferences and a daily nightmare of mediating the differences between Okta’s website and these features.
For instance, because logging in via Okta always involves several unnecessary redirects and new tabs, Multitab Containers (a Firefox extension that lets you separate school tabs from personal tabs) causes it to loop into the same transition screen over and over again, forcing users to edit the link by hand to skip the intermediary loading site and go straight to Google Workspace (which, even then, sometimes mysteriously doesn’t work). Landing page redirects are widely considered bad web design throughout the industry. Okta’s website is a good example of how convoluted and inconsiderate code tested in a vacuum can result in sites which are unusable on devices running anything but vanilla versions of Google Chrome.
Compare this system to Google’s native MFA system — which the College used to employ — and one will find that the user experience has worsened in practically every way. While not the fastest possible MFA system, it is at least not a migraine-inducing mess to use. This is because Google’s servers are much faster, and their log-in screen is able to receive feedback from mobile apps without the need for several redirects.
Another issue with Okta is the lack of an obvious need for it, coupled with higher costs. Using Okta’s website, we estimate that the College is paying Okta $6 per user per month, which amounts to about $150,000 a year to cover all students — not even counting faculty and staff. This is especially strange in the light of recent cuts to the Dining Services budget — all for a program that runs so much unnecessary code that it takes a whole team to keep the tangled mess from sending our browsers into infinite redirect loops. While this may be a smart move on the part of the developers who get paid to maintain Okta, it doesn’t make for a good product. We can only imagine that OIT must have been persuaded by the magic charms of salespeople over Zoom meetings.
While we’re all stuck with Okta account management for the moment, you don’t have to use the Okta Verify app. If you email OIT, they will add you to a group of users who are authorized to use Google Authenticator or even your phone’s built-in biometric authenticator instead. Then, in your settings at sso.williams.edu, you can remove Okta as a verification method and add an alternative.
If stopping hackers were our first priority, then perhaps the College is right to use Okta. After all, the only surefire way to prevent unauthorized account access is to prevent any student from logging in at all.
Satya Benson ’26 is from Heath, Mass.
Santiago Ferris ’26 is from Caracas, Venezuela.