Educause Security Discussion mailing list archives

Re: [EXTERNAL] Re: [SECURITY] [External] [SECURITY] Duo/2FA exemption policies


From: Gene LeDuc <gleduc () SDSU EDU>
Date: Wed, 14 Aug 2019 09:20:45 -0700

We've found it easier to delete the old/lost phone from the user's Duo account instead of doing a temp disable. It seems cleaner and doesn't bypass MFA (other than Duo's). If the Duo account doesn't have any devices, then the user logs in with credentials and gets to register a new device, problem solved and no temp bypasses to undo.

Gene

On 8/14/19 6:14 AM, Gregg, Christopher S. wrote:
We also have a process in place to allow the help desk to temporarily disable MFA for people who are in the process of replacing a lost/broken phone, but I assume you are looking for ongoing/long-term exceptions.


--
Gene LeDuc                 | Don't cling to a mistake just because you
Technology Security        | spent a lot of time making it.
San Diego State University |
