Hi, Kellie,

I confess that I had not thought of institution-level implications for the proliferating MFA situations we are encountering with sponsor (external) portals.

As you are developing your thoughts, is there a concern about the use of an authenticator app on a personal cell phone you are trying to address? Our institution has MFA for the secure VPN client we use, so people are already using a personal cell phone app to access university resources. I did not even question the extension of this practice to external portals.

As we move closer to the NIH eRA Commons deadline for required use of Login.gov, I am developing guidance for users on account setup. Because Login.gov requires MFA, I will be interested in how other institutions handle the communication about authentication method. (I am using Google Authenticator on my personal cell phone.)

I know there is wider conversation about the use of personal cell phones for institution business, and if there are any data security or data retention issues that make personal cell phone use undesirable for conducting institutional activities. This sounds like one more item on that list to consider.

Thank you for initiating this discussion!

Chris Carsten | Electronic Research Administration (eRA) Systems Officer
Colorado State University | Office of Sponsored Programs
ph: 970.491.3852  | email: xxxxxx@colostate.edu

############################

To unsubscribe from the RESADM-L list:
write to: mailto:xxxxxx@LISTS.HEALTHRESEARCH.ORG
or click the following link:
http://lists.healthresearch.org/scripts/wa-HLTHRES.exe?SUBED1=RESADM-L&A=1