assurance - Re: [Assurance] bootstrapping into 2-factor ....
- From: David Langenberg
- Subject: Re: [Assurance] bootstrapping into 2-factor ....
- Date: Thu, 29 May 2014 15:16:49 -0600
I can't say what the best practice is, but in our initial roll-out we'll just be notified by email if a user:
A) has a device registered
B) has not opted-in to forcing 2FA for all shib'd apps (our 2FA management portal is shib'd)
C) modifies/adds/deletes a device
Tight timelines lead to imperfect but better-than-nothing solutions. Longer-term plans are to add a knowledge-based solution to the management portal.
Dave
On Thu, May 29, 2014 at 2:09 PM, Steven Carmody wrote:
Hi,
We're in the process of evaluating, moving toward deploying two-factor for some applications. We'll probably end up TXTing a code to people's phones.
It's now occurred to us that we should require stronger authN when someone wants to edit their mobile phone number.
We're wondering what other sites have done to bootstrap themselves into the situation where someone MUST have already entered a mobile phone number so they can edit their mobile number ...
What's the best practice to get someone started down this road?
David Langenberg
Identity & Access Management
The University of Chicago