Re: MFA LMS

[Thomas Skill <tskill1 () UDAYTON EDU>]

We implemented Duo 2FA for all faculty on our Sakai LMS about 3 years ago
-- faculty feel much more confident in using the gradebook as our
official record.   Many years ago we did have a student steal credentials
from a faculty member and attempt to improve his grade in a course.  We
caught him when we saw simultaneous log-ins from different geographic
locations.

Thomas Skill, Ph.D.
Associate Provost & CIO
Professor, Communication
Office (937) 229-4307
[image: A button with "Hear my name" text for name playback in email
signature]  <https://www.name-coach.com/thomas-skill>
eMail: skill () udayton edu <tskill1 () udayton edu> | Twitter: @skilltd
<https://twitter.com/skilltd> | Linkedin: skilltd
<http://www.linkedin.com/in/skilltd>

UDit
University of Dayton
300 College Park
Dayton, OH 45469-2230








On Thu, Jun 25, 2020 at 9:40 AM Pardonek, Jim <jpardonek () luc edu> wrote:

> Garrett,
>
>
>
> We are a Sakai shop and have plans to move to MFA this fall.  We have the
> same concerns that you are having.  We haven’t seen much in the way of
> malicious behavior but several faculty have raised concerns over cheating.
>
>
>
> Jim
>
>
>
> *James Pardonek, MS, CISSP, CEH, GSNA*
>
> *Associate Director*
>
> *Chief Information Security Officer*
>
>
> * Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL  60660 *
> * (**: (773) 508-6086*
>
>
>
> *Loyola University Chicago will never ask you for your username or
> password.*
>
> *For the latest information security news at Loyola, please follow us
> online,*
>
> *Twitter: @LUCUISO*
>
> *Facebook: https://www.facebook.com/lucuiso/
> <https://www.facebook.com/lucuiso/>*
>
> *Our Blog http://blogs.luc.edu/uiso/ <http://blogs.luc.edu/uiso/>*
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Garrett McManaway
> *Sent:* Wednesday, June 24, 2020 3:12 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] MFA LMS
>
>
>
> All,
>
>
>
> I am curious if anyone is currently using or looking at using MFA in front
> of their LMS and in particular Canvas? As the new norm is pointing towards
> far more online learning that we will eventually see more interest in
> maliciously accessing course content.
>
>
>
> The scenario I am thinking of is that of hacktivist catching on to the
> news stories that are challenging the idea that HigherEd is offering a
> watered down product at the same cost and then posting course material
> online that they obtained illegally. Of course nothing is stopping someone
> with legit access from doing the same but I think less feasible in my mind.
>
>
>
> Garrett McManaway
>
> CISO & Sr. Director
>
> C&IT - Information Security and Compliance
>
> Wayne State University
>
> Phone: 313-577-3454
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community