Educause Security Discussion mailing list archives
Self Service MFA recovery process
From: Martin Douglas <martin () UWO CA>
Date: Wed, 17 Mar 2021 21:56:17 +0000
Hi Educause Security,

I am Martin Douglas from Western University in Ontario, Canada. We are contemplating building a self service MFA recovery process for people who have forgotten their device. The end result would be delivery of a temporary bypass code with the intention it is used to set up a secondary/tertiary device (to be used to regain access to services).

NOTE: This has been cross-posted to Internet2-SI and Educause-IDM.

Would you mind providing input to our discussions?

* If you would prefer to give input offline you can email me directly.
* If we get enough answers (>8), I could provide some aggregated results back to the list.

Some questions:

1. Do you have a self service MFA recovery process?
2. If yes:
   a. What techniques and/or data do you use to validate the person is who they claim to be?
   b. Is there a fallback process? E.g. call Helpdesk
   c. How successful has it been/often is it used (if you have data)?
3. If no and it is purposeful (as in it was contemplated and decided against):
   a. Why did you decide against it? E.g. security, usability, etc.
   b. What is your process to return MFA availability to users?

Thank you in advance for your replies,

________________________________
Martin Douglas (martin () uwo ca)
Associate Director, Application Development
WTS, Western University
519 661-2111 x.81187