Educause Security Discussion mailing list archives
Re: 2-Factor Authentication / FERPA
From: Shawn Merdinger <shawnmer () GMAIL COM>
Date: Fri, 3 Mar 2017 11:16:42 -0600
Hi Michael, One can try to make the case that 2FA will provide more security for the faculty themselves, such as ADP password resets and attacker access to their W2 tax documents (please see http://seclists.org/educause/2016/q2/111 ). If you're hardcore, circulating a pre-breach draft letter that starts with "I, and a few others at this school, take your security very seriously....blah, blah, blah" can be a real crowd-pleaser. The only other tip I can suggest is to look for organizations prepared to take security seriously....you'll probably have to look outside of .edu however. After wrapping-up several years in .edu infosec myself, at this point I'm thinking about a food truck that only takes cash and bitcoin :) --scm Security Researcher and Recovering CISO On 3/3/17, Dodor, Michael <DodorM () uwstout edu> wrote:
Greetings, A number of regional campuses are in discussions on requiring 2-factor for access to High Risk data and one of the elements would be non-directory (private) FERPA records. The consensus concern with such a rollout would be usability on such a large scale and backlash from Faculty. Has anyone implemented and required 2-factor authentication for faculty accessing non-directory records? And if so, any tips? Thank you. Mike Dodor Network Administrator/Information Security Learning and Information Technology University of Wisconsin - Stout 327 Millennium Hall Menomonie, WI 54751 Phone: 715-232-2671 dodorm () uwstout edu<mailto:dodorm () uwstout edu>
Current thread:
- 2-Factor Authentication / FERPA Dodor, Michael (Mar 03)
- Re: 2-Factor Authentication / FERPA Thomas Skill (Mar 03)
- Re: 2-Factor Authentication / FERPA Shawn Merdinger (Mar 03)
- Re: 2-Factor Authentication / FERPA Nicholas Garigliano (Mar 03)
- Re: 2-Factor Authentication / FERPA Ben Marsden (Mar 03)
- Re: 2-Factor Authentication / FERPA Shettler, David (Mar 03)
- Re: 2-Factor Authentication / FERPA Nicholas Garigliano (Mar 03)
- Re: 2-Factor Authentication / FERPA Ben Marsden (Mar 03)
- <Possible follow-ups>
- Re: 2-Factor Authentication / FERPA Hudson, Edward (Mar 03)