Re: 2 factor authentication

[Chad Tracy <ctracy () BATES EDU>]

I wanted to follow that logic when we deployed Duo across our campus, just
do it across the board... it didn’t turn out that way in the end. We opted
not to include some folks in dining and events - folks who work per diem or
on call. The reason being was that the turnover for those folks was so
great and many of them didn’t have smartphones which would have caused
those folks to use a fob... which probably would end up never being
returned.

On Fri, Jun 7, 2019 at 10:14 PM Brian Epstein <bepstein () ias edu> wrote:

> For everyone that has a smartphone, we will user it for the verification
> portion.  For the edge cases, we will have to come up with something else.
> We are looking at implementing it everywhere we can over the next 12-24
> months.  I heard a great talk on this at the Educause Security 19
> conference.  The discussion was around implementing it everywhere that is
> possible so you don't have to manage which service/role warrants MFA.  That
> really spoke to me as the management and decision making process can be
> daunting.  If you decide to use it everywhere, though, the only thing you
> have to manage is your users, who will be getting used to it anyway.  Might
> not be suitable for all organizations, but it makes a lot of sense to me.
>
> Thanks,
> Brian
>
>
> --
> Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
> Manager, Network and Security           Institute for Advanced Study
> Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78
>
> On Fri, Jun 7, 2019, 16:42 Brian Clark <brian.clark () caspercollege edu>
> wrote:
>
> > Hi Brian,
> >
> > Are you going to use Duo push for everyone on campus?
> >
> > On Fri, Jun 7, 2019 at 2:33 PM Brian Epstein <bepstein () ias edu> wrote:
> >
> > > We are going to start using Duo push to verify user identities over the
> > > phone.  Except, of course, when the issue is with Duo Security.  We are
> > > still trying to figure that one out. :)
> > >
> > > Thanks,
> > > ep
> > >
> > > On 6/7/19 2:45 PM, Jenny Blaine wrote:
> > > > Yes. We have it in front of Shibboleth auth. Duo is our provider. It
> > > > has been opt-in for gmail and other non-Enterprise solutions. However,
> > > > we are going to make it obligatory for everyone, students & staff,
> > > > beginning November 1, 2019.
> > > >
> > > > Hope this helps!
> > > >
> > > > Jenny B.
> > > >
> > > > On Fri, Jun 7, 2019 at 12:36 PM Brian Clark
> > > > <brian.clark () caspercollege edu> wrote:
> > > > > Is anyone using 2F for anything other than remote services or systems?
> > > > > --
> > > > > Brian Clark
> > > > > Systems Programmer
> > > > > Casper College
> > > > > 125 College Drive
> > > <https://www.google.com/maps/search/125+College+Drive+%0D%0A+Casper+WY+82601?entry=gmail&source=g>
> > >
> > > <https://www.google.com/maps/search/125+College+Drive+%0D%0A+Casper+WY+82601?entry=gmail&source=g>>>
> > > Casper WY 82601
> > > <https://www.google.com/maps/search/125+College+Drive+%0D%0A+Casper+WY+82601?entry=gmail&source=g>
> > > > > brian.clark () caspercollege edu
> > >
> > >
> > >
> > > --
> > > Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
> > > Manager, Network and Security           Institute for Advanced Study
> > > Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78
> > >
> > > --
> > Brian Clark
> > Systems Programmer
> > Casper College
> > 125 College Drive
> > <https://www.google.com/maps/search/125+College+Drive+Casper+WY+82601?entry=gmail&source=g>
> > Casper WY 82601
> > <https://www.google.com/maps/search/125+College+Drive+Casper+WY+82601?entry=gmail&source=g>
> > brian.clark () caspercollege edu
> --
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491