Re: MFA - Telephony Credit Usage/Reduction

[Nick Lewis <nlewis () INTERNET2 EDU>]

Hi Will,

One pf the additional ways I’ve seen campuses lower their telephony costs is by extending the Remember Me time. The 
longer that time period, the potential lower the number of authentications and the lower telephony costs. This does 
come as a trade-off around sessions time outs and such.

Thanks,

Nick


Nick Lewis, MS, MA, CISSP
Program Manager, NET+ Cloud Services - Security and Identity
Internet2
nlewis () internet2 edu



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Telfer, Will" 
<Will_Telfer () BAYLOR EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, November 21, 2019 at 2:49 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] MFA - Telephony Credit Usage/Reduction

Greetings,

At Baylor we are utilizing Duo for MFA & encouraging users to download & enroll with the free Duo Mobile app. I think 
we have decent adoption of the app, as we are consistently seeing  above 70% usage of Duo push as the MFA method each 
month. Duo charges telephony credits for phone call & SMS passcode authentication (the amount of credits varies 
depending  on whether it is a domestic phone number or an international number – if the cost is above 20 credits, that 
method of authentication is not available to users as this is the default setting). Between phone call & SMS passcode 
authentication we have seen our telephony credit usage rise from 6-7k credits used per day when we first implemented 
Duo a couple of years ago to just over 9k per day this month. I know some of this is due to the 60+ services that are 
now protected by Duo (we started with one service & have since increased that total), but does anyone out there have a 
better strategy for trying to lower the telephony credit usage other than emailing users that are not using the Duo 
Mobile app consistently?

We suspect at least some of these users have gotten a new device & just haven’t re-connected the Duo Mobile app so they 
are limited to phone or SMS passcode authentication. Usually after I send out a batch of emails there is a temporary 
dip in telephony credit usage as some re-connect the app using the attached instructions to the email. We have a video 
tutorial & the same instructions on our campus Duo website & plan to advertise this when the spring semester starts on 
the basis that new devices may be a popular gift over the semester break.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services

Follow BaylorITS & look for the #BearAware:
Twitter: @BaylorITS
Facebook: facebook.com/BaylorITS
Website: baylor.edu/BearAware

[BU_e-signature]


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community