[Athen] Accessible MFA Tokens

[Bossley, Peter A.]

Depending on what 2FA vendor you are using there could be a number of solutions. We are using Duo and so can use Ubikeys which work pretty much across the board of most devices. They are simple plug and play USB dongles that allow users to just press a button when the system is prompting for 2FA. One challenge is that they may need multiple keys to be compatible with both their computer and mobile device if your 2FA is required on things they would be accessing via mobile devices. Since we require 2FA for almost everything (including email) this has been the sore point in that regard.

Some 2FA vendors support delivering codes via SMS or phone call as well, although these types of deliveries are discouraged because they are slightly less secure.


From: athen-list <athen-list-bounces at mailman12.u.washington.edu> On Behalf Of Stephen Marositz
Sent: Wednesday, October 27, 2021 4:39 PM
To: Access Technology Higher Education Network <athen-list at u.washington.edu>
Cc: Emily Rascon-Desantos <erascondesantos1 at csudh.edu>
Subject: [Athen] Accessible MFA Tokens

Hello List

We at DH have turned on MFA (multifactor authentication) for both employees and students. For students with disabilities who cannot use tokens and who do not want to or cannot use a mobile device, do you have any suggestions for accessible alternatives? This is an area I am not super familiar with so any ideas you have would be extremely helpful. Here is what I've suggested so far.

Lending An iPod Touch or similar device with the app installed will read out with TTS (Text-to-speech). To my mind, this should be considered best practice in most cases because the user can customize the speech (rate and pitch), text size and contrast and other accessibility features.

SafeID/Audio
https://web.deepnetsecurity.com/authenticators/one-time-password/safeid/#iLightbox[4]/4<https://urldefense.com/v3/__https:/web.deepnetsecurity.com/authenticators/one-time-password/safeid/*iLightbox*4*/4__;I1td!!KGKeukY!gJ-XKRjLzuYELli9tdV3FfzwJSQcHsPFCzt3gQUkbVzKm7ubu74WNbcpEKv4fTBvMw$>

Feitian USB Security Key
https://www.ftsafe.com/products/FIDO<https://urldefense.com/v3/__https:/www.ftsafe.com/products/FIDO__;!!KGKeukY!gJ-XKRjLzuYELli9tdV3FfzwJSQcHsPFCzt3gQUkbVzKm7ubu74WNbcpEKvpx3sfng$>


Thanks in advance.


Alex Marositz J.D. ATAC
Information Security and Compliance Office
Information Technology
California State University, Dominguez Hills
E: smarositz at csudh.edu<mailto:smarositz at csudh.edu>
https://www.csudh.edu/it/security-compliance/<https://urldefense.com/v3/__https:/www.csudh.edu/it/security-compliance/__;!!KGKeukY!gJ-XKRjLzuYELli9tdV3FfzwJSQcHsPFCzt3gQUkbVzKm7ubu74WNbcpEKtypJ7Zvg$>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman12.u.washington.edu/pipermail/athen-list/attachments/20211027/cb9c348d/attachment.html>