Re: [EXTERNAL] [SECURITY] FIDO2 keys and MFA

["Tomassetti, Tina" <tomassettitm () SUNYBROOME EDU>]

Just curious, is there a major price difference between YubiKeys and FIDO2
keys?

Tina M. Tomassetti
Assistant Director of Networking and Telecommunications
Information Technology Services
SUNY Broome Community College
PO Box 1017  MS# 63
Binghamton, NY 13902
PH: 607-778-5011
FX: 607-778-5119
tomassettitm () sunybroome edu <tomassetti () sunybroome edu>


On Tue, May 12, 2020 at 10:30 AM Ravi Kotecha <kotechar () brandeis edu> wrote:

> Hi Beth,
>
> At Brandeis, we are using DUO and chose to offer hardware tokens that
> generate a one-time passcode instead of the YubiKey option. The hardware
> tokens cost about $20 each and we have decided it's a cost of doing
> business and any faculty, staff, or student can request one, at no cost to
> them. It is not widely advertised, but offered if someone expresses concern
> over the other 2fa options.
>
> The YubiKeys are great for USB capable devices, but since many users use
> mobile devices, the tokens were a better option for us. One reason we made
> the tokens available to anyone who asked was so that it was not a symbol of
> being low income. It also takes care of study abroad situations, and we did
> mail out tokens in those cases but since students were on campus when we
> enabled 2fa, the mailing situations were few and far between.
>
> Best,
> Ravi
> --
> Ravi Kotecha '10, M.S. '14, M.S. '20
> Privacy & Information Security Analyst
> Information Technology Services
> x67284 | security () brandeis edu
> [image: A button with "Hear my name" text for name playback in email
> signature] <https://www.name-coach.com/ravi-kotecha>
>
>
> On Mon, May 11, 2020 at 9:02 PM Beth Albertson <albertb3 () wwu edu> wrote:
>
> > We are in the process of implementing Azure MFA for our staff and
> > students.  We have a small percentage of students without smart phones, and
> > would like to offer them the option of using a FIDO2 key.  I was wondering
> > if other Universities are using FIDO2 keys, and if so, who is picking up
> > the cost?  Are students expected to buy their own device?  Also, we, like
> > most Universities are all online during the Covid crisis, so it seems we
> > would have to mail the FIDO2 keys to users if we pick up the cost.  Thank
> > you in advance for any information you can provide.
> >
> >
> >
> > Sincerely,
> >
> >
> >
> > Beth Albertson, CISSP®, PMP®
> >
> > Director of Information Security
> >
> > Western Washington University
> >
> > beth.albertson () wwu edu
> >
> >
> >
> > **********
> > Replies to EDUCAUSE Community Group emails are sent to the entire
> > community list. If you want to reply only to the person who sent the
> > message, copy and paste their email address and forward the email reply.
> > Additional participation and subscription information can be found at
> > https://www.educause.edu/community
> > <https://urldefense.com/v3/__https://www.educause.edu/community__;!!DaRZpAeNFA!M4vdDdcgk_1fNNyZV2ZCY-mUPsv4g0OidyLbira4z8z7UaPkO55iBpjfCs8NeaOfBnk$>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community