U.S. Department of Education to Implement Two Factor Authentication for G5 Domenica Pappas (17 Mar 2016 09:06 EST)

U.S. Department of Education to Implement Two Factor Authentication for G5 Domenica Pappas 17 Mar 2016 09:06 EST

Hello Colleagues,

We will not provide personal cell numbers for authentication, only office
numbers.  It will probably add to the time of processing, but so be it.

Domenica

Domenica G. Pappas, CRA
Director
Sponsored Research and Programs

President, Midwest Section
Society of Research Administrators International
Join us for our Meeting May 15-18, 2016

10 W. 35th Street, Suite 7D7-1
Chicago, IL 60616
Phone: 312-567-3987
Fax:  312-567-6980
Email:  xxxxxx@iit.edu

-----Original Message-----
From: Research Administration List
[mailto:xxxxxx@lists.healthresearch.org] On Behalf Of RESADM-L automatic
digest system
Sent: Wednesday, March 16, 2016 11:00 PM
To: xxxxxx@lists.healthresearch.org
Subject: RESADM-L Digest - 15 Mar 2016 to 16 Mar 2016 (#2016-64)

There are 3 messages totaling 711 lines in this issue.

Topics of the day:

 1. U.S. Department of Education to Implement Two Factor Authentication for
G5
 Access (2)
 2. software as capital equipment?

----------------------------------------------------------------------

Date:    Wed, 16 Mar 2016 20:40:21 +0000
From:    "McClure, Christine Lynn" <xxxxxx@PITT.EDU>
Subject: U.S. Department of Education to Implement Two Factor Authentication
for G5 Access

All,

We received the below notification regarding a new 2 factor authentication
for every log-in to the G5.  How are other institutions planning on handling
this?  All ideas are greatly appreciated!

Thanks!
Christine

Christine L. McClure
Associate Director for Grant Operations
University of Pittsburgh
Office of Research
123 University Place, B21
Pittsburgh, PA 15213
412-624-7400
www.research.pitt.edu<http://www.research.pitt.edu/>

U.S. Department of Education to Implement Two Factor Authentication for G5
Access

The U.S. Office of Management and Budget (OMB) has mandated that all federal
agencies implement increased cybersecurity capabilities to prevent
unauthorized access to government systems. In keeping with the OMB mandate,
the U.S. Department of Education will be implementing a more secure means
for users of the G5 GrantsAdministration System to gain access, referred to
as two factor authentication. Soon, all G5 external users will be required
to enter a second piece ofidentification in addition to their password when
logging into the system.

Two factor authentications (2FA) is a security process in which the user
provides two means of identification from separate categories of
credentials; one is typically something that you know, such as a password;
and the other is something that you have, such as a security code you
download from your mobile device.The combination of these two security
factors makes it more difficult for someone to access government systems.
Once both the first and second factors are validated,users are allowed into
the system.

G5 users are already required to enter a password when logging into the
system. The second factor will be provided by a free application called
Google Authenticator that G5 users download and register to their mobile
devices. The device will then generate a unique code each time the user logs
into G5. For users who do not own a mobile device, the code can be retrieved
via a text message or a phone call.

Two factor authentication will be rolled out to G5 users in groups, starting
in mid-April 2016 and ending in June 2016. Specific details on how to
download the Google application or use an alternative method of code
retrieval will be provided to each user in an email shortly before their
account is switched over to 2FA.

In preparation for the 2FA switch, all G5 users will be encouraged to enter
at least one phone number as well as provide two additional security answers
on their G5 profile, starting March 14. When logging into G5 for the first
time after this date, users can go to the 'My Profile' page where they can
enter the additional data.

For further information on the implementation of Two Factor Authentication
for G5, you may contact the G5 Hotline at (888) 336-8930.

Email secured by Check Point

<br>
======================================================================<br>
 Instructions on how to use the RESADM-L Mailing List, including<br>
subscription information and a web-searchable archive, are available<br>
via our web site at http://www.healthresearch.org (click on the<br>
"LISTSERV" link in the upper right corner)<br> <br>  A link directly to
helpful tips:  http://tinyurl.com/resadm-l-help<br>
======================================================================<br>

------------------------------

Date:    Wed, 16 Mar 2016 15:54:06 -0500
From:    Lori Miller <xxxxxx@UNI.EDU>
Subject: Re: U.S. Department of Education to Implement Two Factor
Authentication for G5 Access

I was required to use the 2 factor authentication on a different federal
website. I had them call my desk phone and give me a code. I entered the
code and then was able to log in (only to realize my password expired, so I
had to start over again.....) Lori

--
Lori Miller
Post Award Support Services Coordinator
Office of Research and Sponsored Programs
213 East Bartlett Hall
Cedar Falls, IA 50614-0394
Phone: 319-273-4321
For deaf or hard-of-hearing use Relay 711
Fax: 319-273-2634
E-mail: xxxxxx@uni.edu

On 3/16/2016 3:40 PM, McClure, Christine Lynn wrote:
>
> *All,*
>
> *We received the below notification regarding a new 2 factor
> authentication for every log-in to the G5.  How are other institutions
> planning on handling this?  All ideas are greatly appreciated!*
>
> *Thanks!
> Christine*
>
> Christine L. McClure
>
> Associate Director for Grant Operations
>
> University of Pittsburgh
>
> Office of Research
>
> 123 University Place, B21
>
> Pittsburgh, PA 15213
>
> 412-624-7400
>
> www.research.pitt.edu <http://www.research.pitt.edu/>
>
> **
>
> **
>
> *U.S. Department of Education to Implement Two Factor Authentication
> for G5 Access*
>
> The U.S. Office of Management and Budget (OMB) has mandated that all
> federal agencies implement increased cybersecurity capabilities to
> prevent unauthorized access to government systems. In keeping with the
> OMB mandate, the U.S. Department of Education will be implementing a
> more secure means for users of the G5 GrantsAdministration System to
> gain access, referred to as two factor authentication. Soon, all G5
> external users will be required to enter a second piece
> ofidentification in addition to their password when logging into the
> system.
>
> Two factor authentications (2FA) is a security process in which the
> user provides two means of identification from separate categories of
> credentials; one is typically something that you know, such as a
> password; and the other is something that you have, such as a security
> code you download from your mobile device.The combination of these two
> security factors makes it more difficult for someone to access
> government systems. Once both the first and second factors are
> validated,users are allowed into the system.
>
> G5 users are already required to enter a password when logging into
> the system. The second factor will be provided by a free application
> called Google Authenticator that G5 users download and register to
> their mobile devices. The device will then generate a unique code each
> time the user logs into G5. For users who do not own a mobile device,
> the code can be retrieved via a text message or a phone call.
>
> Two factor authentication will be rolled out to G5 users in groups,
> starting in mid-April 2016 and ending in June 2016. Specific details
> on how to download the Google application or use an alternative method
> of code retrieval will be provided to each user in an email shortly
> before their account is switched over to 2FA.
>
> In preparation for the 2FA switch, all G5 users will be encouraged to
> enter at least one phone number as well as provide two additional
> security answers on their G5 profile, starting March 14. When logging
> into G5 for the first time after this date, users can go to the 'My
> Profile' page where they can enter the additional data.
>
> For further information on the implementation of Two Factor
> Authentication for G5, you may contact the G5 Hotline at (888) 336-8930.
>
>
>
> Email secured by Check Point
>
> <br>
> ======================================================================<br>
> Instructions on how to use the RESADM-L Mailing List, including<br>
> subscription information and a web-searchable archive, are
> available<br> via our web site at http://www.healthresearch.org (click
> on the<br> "LISTSERV" link in the upper right corner)<br> <br> A link
> directly to helpful tips: http://tinyurl.com/resadm-l-help<br>
> <http://tinyurl.com/resadm-l-help%3Cbr%3E>
> ======================================================================<br>

Email secured by Check Point

<br>
======================================================================<br>
 Instructions on how to use the RESADM-L Mailing List, including<br>
 subscription information and a web-searchable archive, are available<br>
 via our web site at http://www.healthresearch.org (click on the<br>
 "LISTSERV" link in the upper right corner)<br>
<br>
 A link directly to helpful tips:  http://tinyurl.com/resadm-l-help<br>
======================================================================<br>

------------------------------

Date:    Wed, 16 Mar 2016 23:23:20 +0000
From:    "dougm (Doug Mounce)" <xxxxxx@CRAB.ORG>
Subject: software as capital equipment?

Does anyone have strong opinions and/or policies about classifying software
 > $5K as capital equipment?  I know we used to do that if we bought an
instrument that included custom software, and we would sometimes add
software to the tagged piece of machinery and call it equipment (like
replacing a carburetor for performance compared to replacing worn-out
tires), but nowadays with stand-alone licenses costing more than the
hardware how do you classify the item?

(I've always said that the ADP line on the SF424 is where you put software.
And the Commandant of the Marine Corps called it ADPE back in 1987.)

In any case, our organization only charges indirects on direct labor so this
is more a question of category approval rather than cost or rate
negotiations.

Thanks! Doug

Email secured by Check Point

<br>
======================================================================<br>
 Instructions on how to use the RESADM-L Mailing List, including<br>
 subscription information and a web-searchable archive, are available<br>
 via our web site at http://www.healthresearch.org (click on the<br>
 "LISTSERV" link in the upper right corner)<br>
<br>
 A link directly to helpful tips:  http://tinyurl.com/resadm-l-help<br>
======================================================================<br>

------------------------------

End of RESADM-L Digest - 15 Mar 2016 to 16 Mar 2016 (#2016-64)
**************************************************************

Email secured by Check Point

<br>
======================================================================<br>
 Instructions on how to use the RESADM-L Mailing List, including<br>
 subscription information and a web-searchable archive, are available<br>
 via our web site at http://www.healthresearch.org (click on the<br>
 "LISTSERV" link in the upper right corner)<br>
<br>
 A link directly to helpful tips:  http://tinyurl.com/resadm-l-help<br>
======================================================================<br>