Veronica Klein sat in the North Academic Center computer lab on a chilly afternoon in October, staring blankly at her laptop screen. The junior Ad/PR major had planned to use her time in the library to catch up on coursework. She opened Chrome, typed in the Brightspace URL, entered her username and password, and waited for the familiar Microsoft Authenticator prompt on her iPhone. Nothing appeared. She refreshed the page. Still nothing. She checked her phone’s notification settings, restarted the app, and tried logging in again. The authentication code refused to load.
“It was so annoying,” Klein recalls. “I was getting really frustrated with something that’s supposed to be so simple.”
Klein hurried to the technology desk on the building’s second floor, where a staff member discovered the problem. “I had to get it rebooted at the technology desk,” she said. “It accidentally got installed twice and neither code would work.” The technician spent fifteen minutes uninstalling both copies and reinstalling a fresh version.
Klein’s frustration echoes across CCNY’s campus. Since the fall 2025 semester, CUNY implemented a requirement that forces students to pull out their phones and input a code through Microsoft Authenticator in order to access Brightspace, not just once, but multiple times throughout the day. Designed as a security measure, it has become an ongoing frustration. Repeated authentication prompts interrupt logins and slow access to class materials, forcing students to confirm their identity over and over just to check assignments, announcements, and grades.
“My takeaway from this MFA thing is that we would need to have our phone every time when we want to access Cunyfirst.” Says Jacob Sanchez, a senior at CCNY. “If we don’t have one we could be locked out and not have any access to getting what we need.”
The authentication requirement reflects a broader trend. In an increasingly digitally complicated world, two-factor authentication has become standard practice. It’s a security measure designed to protect online accounts by requiring users to verify their identity in more than one way. Instead of logging in with just a username and password, users must also confirm their identity through a second step, such as approving a notification on a smartphone app or entering a temporary code sent by text message. However, this added protection comes with unintended consequences.
CCNY students feel those consequences daily. When students are working, they have to pull out their phones to access coursework, which can be deeply distracting. Smartphones provide the biggest source of distraction for Generation Z. Simply taking a phone out to receive a code can derail focus, and students might often find themselves scrolling on Instagram or TikTok without even thinking about the assignment they were supposed to start.
“I hate having to open my phone and then I find myself doomscrolling,” says Chelsea Gomez, a sociology major in her third year at CCNY. “By the time I start my assignments I’ve already wasted at least 20 minutes of time.”
The frustrations go beyond distraction. Students have been locked out of their accounts entirely when they don’t have access to their phones. “When my phone got stolen, I had no access to it whatsoever,” says Jacob Sanchez, a CCNY senior. “I had a backup thankfully, but even then it took me so much time to get back in.”
Other students simply can’t see the point. “No one’s trying to do my assignments but me,” says Naomi Jude, a photography major in her fourth year at CCNY. “I find it tedious and annoying.”
Despite student complaints, the feature has benefits. Since Brightspace and CUNYfirst both use the same login page, Microsoft Authenticator is required for both sites. While most hackers aren’t looking to log in to someone else’s Brightspace and complete assignments for them, they might be more interested in accessing sensitive personal and financial information through the CUNYFirst portal. City College also has a history of dealing with phishing scams that pose as account termination notices or job offers. This often leads to users unknowingly leaking their login information to bad actors. Now, because of Microsoft Authenticator, a hacker would need to have a student’s mobile device in hand to access their CUNYfirst account, even with their full username and password.
JonPierre Fondeur, a photography major in his last year at CCNY, appreciates the added security. “I like Microsoft Authenticator,” he says. “It makes it harder for hackers to actually access all of your information. I think it’s needed in our world with powerful technology.”
Tags: CCNY CUNY Accessibility CUNYfirst Fraud and Theft Protection Jennifer Lee Multiple Factor Authenticator
Series: Education
