Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] MFA LMS
From: Ravi Kotecha <kotechar () BRANDEIS EDU>
Date: Thu, 25 Jun 2020 10:54:11 -0400
At Brandeis, all of our employees and students are required to use DUO for MFA. Every application that uses our Shibboleth SSO implementation requires using MFA. We do allow users to select the "remember me for 30 days" option, which makes it a little less cumbersome for some users. With most of the Spring semester and now the summer term remote, we still have not had an uptick in 2fa support requests. At the outset, we did offer hardware tokens to anyone who requested them. The bulk of these were faculty and students who either did not have a mobile phone or would be in an area where internet and cellular connectivity are sparse.
From an initial onboarding perspective, students needed help setting up the
DUO solution at around a 2% clip, while faculty edged higher near the 10-12% mark. Ongoing support is minimal. Largely we deal with enrolling new devices or supporting folks who haven't logged in in a while and need a refresher. I hope this helps! -- Ravi Kotecha '10, M.S. '14, M.S. '20 Privacy & Information Security Analyst Information Technology Services x67284 | security () brandeis edu On Thu, Jun 25, 2020 at 9:56 AM Jones, Mark B <Mark.B.Jones () uth tmc edu> wrote:
We are using the SAML option for Canvas authentication and our SAML solution requires MFA. It is working well. *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Garrett McManaway *Sent:* Wednesday, June 24, 2020 3:12 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] MFA LMS ***** EXTERNAL EMAIL ***** All, I am curious if anyone is currently using or looking at using MFA in front of their LMS and in particular Canvas? As the new norm is pointing towards far more online learning that we will eventually see more interest in maliciously accessing course content. The scenario I am thinking of is that of hacktivist catching on to the news stories that are challenging the idea that HigherEd is offering a watered down product at the same cost and then posting course material online that they obtained illegally. Of course nothing is stopping someone with legit access from doing the same but I think less feasible in my mind. Garrett McManaway CISO & Sr. Director C&IT - Information Security and Compliance Wayne State University Phone: 313-577-3454 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=bKRySV-ouEg_AT-w2QWsTdd9X__KYh9Eq2fdmQDVZgw&r=Lgw4Sh6g47kM5A_tpEcLZDyPGvmOKdeDlyp60PwA78c&m=IZHbDoPNMpquVBHMEWE6w1uzMe0kviQZ8uRyknFkDBs&s=dbhw8ciFloyK4nV42wNPbwFKlYSWXNklEIisi7A__2g&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- MFA LMS Garrett McManaway (Jun 24)
- Re: MFA LMS Jason Edelstein (Jun 24)
- Re: MFA LMS Francisco Chavez (Jun 24)
- Re: MFA LMS Walter Moore (Jun 24)
- Re: MFA LMS Pardonek, Jim (Jun 25)
- Re: MFA LMS Thomas Skill (Jun 25)
- Re: MFA LMS Jones, Mark B (Jun 25)
- Re: [EXTERNAL] Re: [SECURITY] MFA LMS Ravi Kotecha (Jun 25)
- <Possible follow-ups>
- Re: MFA LMS Rick Haugerud (Jun 24)