Email list hosting service & mailing list manager

Re: MFA protocol Chris Carsten (18 Mar 2021 11:49 EST)
Re: MFA protocol Kellie Dyslin (19 Mar 2021 17:05 EST)

Re: MFA protocol Kellie Dyslin 19 Mar 2021 17:05 EST

Hi, Chris,

Yes, staff having to use their personal phones for MFA authentication (via Authenticator or text message) is one of the issues driving the conversation here. The other main issue is ensuring that we as an office have access to these systems and have a plan in place to provide coverage for staff absences and employment terminations. We also have to authenticate to access our institutional systems so everyone is using phones university-wide here as well, but yes, expanding that to additional non-NIU systems raises some questions.

Kellie

-----Original Message-----
From: Research Administration List <xxxxxx@LISTS.HEALTHRESEARCH.ORG> On Behalf Of Chris Carsten
Sent: Thursday, March 18, 2021 11:50 AM
To: xxxxxx@LISTS.HEALTHRESEARCH.ORG
Subject: Re: [RESADM-L] MFA protocol

Hi, Kellie,

I confess that I had not thought of institution-level implications for the proliferating MFA situations we are encountering with sponsor (external) portals.

As you are developing your thoughts, is there a concern about the use of an authenticator app on a personal cell phone you are trying to address? Our institution has MFA for the secure VPN client we use, so people are already using a personal cell phone app to access university resources. I did not even question the extension of this practice to external portals.

As we move closer to the NIH eRA Commons deadline for required use of Login.gov, I am developing guidance for users on account setup. Because Login.gov requires MFA, I will be interested in how other institutions handle the communication about authentication method. (I am using Google Authenticator on my personal cell phone.)

I know there is wider conversation about the use of personal cell phones for institution business, and if there are any data security or data retention issues that make personal cell phone use undesirable for conducting institutional activities. This sounds like one more item on that list to consider.

Thank you for initiating this discussion!

Chris Carsten | Electronic Research Administration (eRA) Systems Officer Colorado State University | Office of Sponsored Programs
ph: 970.491.3852  | email: xxxxxx@colostate.edu

############################

To unsubscribe from the RESADM-L list:
write to: mailto:xxxxxx@LISTS.HEALTHRESEARCH.ORG
or click the following link:
http://lists.healthresearch.org/scripts/wa-HLTHRES.exe?SUBED1=RESADM-L&A=1

############################

To unsubscribe from the RESADM-L list:
write to: mailto:xxxxxx@LISTS.HEALTHRESEARCH.ORG
or click the following link:
http://lists.healthresearch.org/scripts/wa-HLTHRES.exe?SUBED1=RESADM-L&A=1