Educause Security Discussion mailing list archives
Re: MFA Student Deployment Questions
From: "Giacobe, Nick" <nxg13 () PSU EDU>
Date: Thu, 17 Jan 2019 03:52:39 +0000
We rolled out in phases. Eventually, we set a required deadline for faculty/staff and all employees (including student employees) to use our 2FA solution. We have not (yet, I suspect it's coming soon) required student participation. Currently, it's optional for students. See https://www.identity.psu.edu/services/authentication-services/two-factor/ for what we tell our folks about the system. Our 2FA solution (DUO) can use a smartphone app, telephone calling to user-defined phone numbers and a 2FA dongle. The app operates in two modes. One mode is push, where the app is notified that a logon request has occurred, and the user must approve by clicking a button on the app. The second mode is synchronized pseudo-random number like a dongle does. I think the phone call version addresses many of the disability/accessibility issues. For the dongle, we allow the user to purchase it, if they want to... $22 per dongle. Also, there is an option for the user to have the system send them a text message with ten (10) one-time-use login 2FA codes. That may work also for some accessibility situations. Similar to what others report, faculty and staff took longer to adapt than students, but that may be similar to different generational issues with technology adoption. Anecdotally, I'd have to say that the vast majority of our users use the smartphone app. --- Nicklaus A. Giacobe, Ph.D. Director of Undergraduate Programs and Assistant Teaching Professor Phone: 814-865-8233 College of Information Sciences and Technology Penn State University E333 Westgate Building University Park, PA 16802 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Edenfield, Alton Sent: Wednesday, January 16, 2019 10:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] MFA Student Deployment Questions Hi Stefan, 1. What methodology did you use to deploy MFA to students, incremental based on a variable or everyone at once? We did all of our students all at once. We did ours like you're doing yours in the way of doing Staff and Faculty first and then students months later. The students handled it much better then staff. I think because it was a younger crowd. We made sure our student tech support was with us for the rollout of Staff and Faculty so that they were trained very well. They were pretty busy at first but it was manageable. We also timed the deployment with our New Student Orientation (NSO), that that helped a ton as well, since students are coming to get IT support on the first day of class anyways. 2. Does your university provide students with hard tokens? If so, do the students have to pay for the token? How much? The University did provide hardware tokens but if I had to guess we only gave out maybe 10-20. 3. How to you manage accessibility issues for students with disabilities? HMM, great question. I don't think this came up 4. How do you handle situations where students can not take a device into a proctored testing lab? Did faculty have concerns about raising test anxiety for students? How were they addressed. I don't think we do Proctored testing and if we do it is on campus and MFA is not needed. Not sure on this sorry. 5. Are you handling student registration differently than faculty and staff? Please provide the link to any public documentation describing student enrollment. We put flyers out everywhere, digital signage, printed flyers in classes, dining facility, everywhere we could, along with emails and letters to mailboxes. They were practically the same enrollment between student, staff and faculty besides students showing up on NSO and maybe being more tech savvy. Thanks, Alton ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Stefan Wahe <0000009ffd3543ad-dmarc-request () LISTSERV EDUCAUSE EDU<mailto:0000009ffd3543ad-dmarc-request () LISTSERV EDUCAUSE EDU>> Sent: Wednesday, January 16, 2019 6:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] MFA Student Deployment Questions We are trying to finalize our MFA student deployment plans. We have received some interesting questions. We are interested in how your campus managed student deployment (we are partway through our faculty/staff deployment). I would appreciate a response to the following questions. 1. What methodology did you use to deploy MFA to students, incremental based on a variable or everyone at once? We did all of our students all at once. We did ours like you're doing yours in the way of doing Staff and Faculty first and then students months later. The students handled it much better then staff. I think because it was a younger crowd. We made sure our student tech support was with us for the rollout of Staff and Faculty so that they were trained very well. They were pretty busy at first but it was manageable. We also timed the deployment with our New Student Orientation (NSO), that that helped a ton as well, since students are coming to get IT support on the first day of class anyways. 2. Does your university provide students with hard tokens? If so, do the students have to pay for the token? How much? The University did provide hardware tokens but if I had to guess we only gave out maybe 10-20. 3. How to you manage accessibility issues for students with disabilities? HMM, great question. I don't think this came up 4. How do you handle situations where students can not take a device into a proctored testing lab? Did faculty have concerns about raising test anxiety for students? How were they addressed. I don't think we do Proctored testing and if we do it is on campus and MFA is not needed. Not sure on this sorry. 5. Are you handling student registration differently than faculty and staff? Please provide the link to any public documentation describing student enrollment. We put flyers out everywhere, digital signage, printed flyers in classes, dining facility, everywhere we could, along with emails and letters to mailboxes. They were practically the same enrollment between student, staff and faculty besides students showing up on NSO and maybe being more tech savvy. I appreciate your responses. Sincerely - Stefan Wahe ***************************** Stefan Wahe, CISSP University of Wisconsin-Madison Office of Cybersecurity Deputy Chief Information Security Officer HIPAA Security Officer 608-265-1177 [signature_767482743]
Current thread:
- MFA Student Deployment Questions Stefan Wahe (Jan 16)
- Re: MFA Student Deployment Questions Edenfield, Alton (Jan 16)
- Re: MFA Student Deployment Questions Giacobe, Nick (Jan 16)
- Re: MFA Student Deployment Questions Gregg, Christopher S. (Jan 16)
- Re: MFA Student Deployment Questions Telfer, Will (Jan 17)
- <Possible follow-ups>
- Re: MFA Student Deployment Questions Valerie Vogel (Jan 24)
- Re: MFA Student Deployment Questions Brad Judy (Jan 24)
- Re: MFA Student Deployment Questions Gregg, Christopher S. (Jan 24)
- Re: MFA Student Deployment Questions Brad Judy (Jan 24)
- Re: MFA Student Deployment Questions Edenfield, Alton (Jan 16)