Educause Security Discussion mailing list archives
Re: MFA - Telephony Credit Usage/Reduction
From: Chad Tracy <ctracy () BATES EDU>
Date: Mon, 25 Nov 2019 06:20:18 -0500
Ed - Like Jerry, we don't distinguish between personal or College devices.

Chad

On Fri, Nov 22, 2019 at 10:50 PM Jerry Tylutki <jtylutki () hamilton edu> wrote:
Ed - We don't distinguish between personal or University devices, we have SMS disallowed for all apps and policies in Duo. SMS was disallowed from the beginning, no community pushback going this approach.

On Fri, Nov 22, 2019, 5:34 PM Ed Jalinske <0000007d9892d157-dmarc-request () listserv educause edu> wrote:

Will, Chad, Jerry –

Do you have separate policies for University owned devices versus personal devices when disallowing SMS? If so, what are they and what is the basic reasoning for each? How have your campus communities responded?

Thanks,

Ed Jalinske, J.D.
University of Wisconsin-Madison Office of Cybersecurity
Program Director, Cybersecurity Policy and Education
UW-Madison School of Business
Adjunct Professor, Information Privacy and Security
608.262.3837 (Office)
917.945.0748 (Cell)
ed.jalinske () wisc edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jerry Tylutki
Sent: Friday, November 22, 2019 8:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] MFA - Telephony Credit Usage/Reduction

We have disallowed SMS as well. To date we have around 84% push authentication, 7.5% with passcode, and 5.5% that use phone. To date the telephony credits haven't become an issue with our implementation. It will be interesting if the percentage changes once in 12-18 months once users start to purchase new phones.

-------
Jerry Tylutki
Information Security Officer
Hamilton College
(315) 859-4289 -- office

The contents of this email are CONFIDENTIAL. If you have received this email by mistake, please notify the sender and delete the email and its contents.

On Fri, Nov 22, 2019 at 7:23 AM Chad Tracy <ctracy () bates edu> wrote:

Will,

I am not sure of the breakdown between the telephone and SMS authentication, but we ended up not allowing SMS. I am not sure if that is possible for you all.... in the end, folks will take the easiest path they think is available. To that end, it is sometimes up to us to give them just one path.

Chad

On Thu, Nov 21, 2019 at 2:49 PM Telfer, Will <Will_Telfer () baylor edu> wrote:

Greetings,

At Baylor we are utilizing Duo for MFA & encouraging users to download & enroll with the free Duo Mobile app. I think we have decent adoption of the app, as we are consistently seeing above 70% usage of Duo push as the MFA method each month.

Duo charges telephony credits for phone call & SMS passcode authentication (the amount of credits varies depending on whether it is a domestic phone number or an international number – if the cost is above 20 credits, that method of authentication is not available to users as this is the default setting).

Between phone call & SMS passcode authentication we have seen our telephony credit usage rise from 6-7k credits used per day when we first implemented Duo a couple of years ago to just over 9k per day this month. I know some of this is due to the 60+ services that are now protected by Duo (we started with one service & have since increased that total), but does anyone out there have a better strategy for trying to lower the telephony credit usage other than emailing users that are not using the Duo Mobile app consistently?

We suspect at least some of these users have gotten a new device & just haven’t re-connected the Duo Mobile app so they are limited to phone or SMS passcode authentication. Usually after I send out a batch of emails there is a temporary dip in telephony credit usage as some re-connect the app using the attached instructions to the email. We have a video tutorial & the same instructions on our campus Duo website & plan to advertise this when the spring semester starts on the basis that new devices may be a popular gift over the semester break.
Thank You,

Will Telfer, M.S.
Information Security Analyst
Information Technology Services

Follow BaylorITS & look for the #BearAware:
Twitter: @BaylorITS
Facebook: facebook.com/BaylorITS
Website: baylor.edu/BearAware

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

--
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491

--
Chad Tracy
Director of Information Security, Policy and Compliance
Bates College
207 786-6491

Current thread:
- MFA - Telephony Credit Usage/Reduction Telfer, Will (Nov 21)
- Re: MFA - Telephony Credit Usage/Reduction Bandy, John (Nov 21)
- Re: MFA - Telephony Credit Usage/Reduction Chad Tracy (Nov 22)
- Re: MFA - Telephony Credit Usage/Reduction Jerry Tylutki (Nov 22)
- Re: MFA - Telephony Credit Usage/Reduction Ed Jalinske (Nov 22)
- Re: MFA - Telephony Credit Usage/Reduction Jerry Tylutki (Nov 22)
- Re: MFA - Telephony Credit Usage/Reduction Chad Tracy (Nov 25)
- Re: MFA - Telephony Credit Usage/Reduction Telfer, Will (Nov 25)
- Re: MFA - Telephony Credit Usage/Reduction Jerry Tylutki (Nov 22)
- <Possible follow-ups>
- Re: MFA - Telephony Credit Usage/Reduction Nick Lewis (Nov 22)