Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies
From: Valdis Klētnieks <valdis.kletnieks () VT EDU>
Date: Wed, 14 Aug 2019 18:37:37 -0400
On Wed, 14 Aug 2019 09:20:45 -0700, Gene LeDuc said:
If the Duo account doesn't have any devices, then the user logs in with credentials and gets to register a new device, problem solved and no temp bypasses to undo.
How do you deal with the case of "the user's phone died last night, they have to get work done today, and won't be able to actually get a new device for a few days"? Not everybody who has an iPhone has the cash on hand to lay out for a new one unexpectedly, and making them obtain a cheap burner phone they don't want in order to get their MFA working isn't going to make the security office any friends... ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
_bin
Description:
Current thread:
- Duo/2FA exemption policies Kristen Dietiker (Aug 13)
- Re: Duo/2FA exemption policies Orlando Leon (Aug 13)
- Re: [EXTERNAL] [SECURITY] Duo/2FA exemption policies Bandy, John (Aug 14)
- Re: Duo/2FA exemption policies James Farr (Aug 14)
- Re: [External] [SECURITY] Duo/2FA exemption policies Gregg, Christopher S. (Aug 14)
- Re: [External] [SECURITY] Duo/2FA exemption policies Phill Moran (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Gene LeDuc (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Gregg, Christopher S. (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Valdis Klētnieks (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Gene LeDuc (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Valdis Klētnieks (Aug 14)
- Message not available
- Re: [Ext] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies John Kristoff (Aug 14)
- Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies Phill Moran (Aug 14)