Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies
From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Wed, 14 Aug 2019 17:33:10 +0000
What do you do if the person will be without a device for a period of a couple of days? This could be where we are at a disadvantage with the Microsoft solution as it doesn’t offer one time passcodes that can be generated in advance. Chris Chris Gregg University of St. Thomas Stop. Think. Click. ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Gene LeDuc <gleduc () SDSU EDU> Sent: Wednesday, August 14, 2019 11:20:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies We've found it easier to delete the old/lost phone from the user's Duo account instead of doing a temp disable. It seems cleaner and doesn't bypass MFA (other than Duo's). If the Duo account doesn't have any devices, then the user logs in with credentials and gets to register a new device, problem solved and no temp bypasses to undo. Gene On 8/14/19 6:14 AM, Gregg, Christopher S. wrote:
We also have a process in place to allow the help desk to temporarily disable MFA for people who are in the process of replacing a lost/broken phone, but I assume you are looking for ongoing/long-term exceptions.
-- Gene LeDuc | Don't cling to a mistake just because you Technology Security | spent a lot of time making it. San Diego State University | ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7Cb5f89045544c44d1880a08d720d35ea9%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C637013964631619277&sdata=70UgfV%2FeODANPujk99huDp6ZJS8fCc%2FGlH1qf96%2F2xw%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Duo/2FA exemption policies Kristen Dietiker (Aug 13)
- Re: Duo/2FA exemption policies Orlando Leon (Aug 13)
- Re: [EXTERNAL] [SECURITY] Duo/2FA exemption policies Bandy, John (Aug 14)
- Re: Duo/2FA exemption policies James Farr (Aug 14)
- Re: [External] [SECURITY] Duo/2FA exemption policies Gregg, Christopher S. (Aug 14)
- Re: [External] [SECURITY] Duo/2FA exemption policies Phill Moran (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Gene LeDuc (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Gregg, Christopher S. (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Valdis Klētnieks (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Gene LeDuc (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Valdis Klētnieks (Aug 14)
- Message not available
- Re: [Ext] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies John Kristoff (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Phill Moran (Aug 14)