<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Depending on what 2FA vendor you are using there could be a number of solutions. We are using Duo and so can use Ubikeys which work pretty much across the board of most devices. They are simple plug and play USB dongles that allow users
to just press a button when the system is prompting for 2FA. One challenge is that they may need multiple keys to be compatible with both their computer and mobile device if your 2FA is required on things they would be accessing via mobile devices. Since we
require 2FA for almost everything (including email) this has been the sore point in that regard.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Some 2FA vendors support delivering codes via SMS or phone call as well, although these types of deliveries are discouraged because they are slightly less secure.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> athen-list <athen-list-bounces@mailman12.u.washington.edu>
<b>On Behalf Of </b>Stephen Marositz<br>
<b>Sent:</b> Wednesday, October 27, 2021 4:39 PM<br>
<b>To:</b> Access Technology Higher Education Network <athen-list@u.washington.edu><br>
<b>Cc:</b> Emily Rascon-Desantos <erascondesantos1@csudh.edu><br>
<b>Subject:</b> [Athen] Accessible MFA Tokens<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello List <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We at DH have turned on MFA (multifactor authentication) for both employees and students. For students with disabilities who cannot use tokens and who do not want to or cannot use a mobile device, do you have any suggestions for accessible
alternatives? This is an area I am not super familiar with so any ideas you have would be extremely helpful. Here is what I’ve suggested so far.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Lending An iPod Touch or similar device with the app installed will read out with TTS (Text-to-speech). To my mind, this should be considered best practice in most cases because the user can customize the speech (rate and pitch), text size
and contrast and other accessibility features. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">SafeID/Audio<o:p></o:p></p>
<p class="MsoNormal"><a href="https://urldefense.com/v3/__https:/web.deepnetsecurity.com/authenticators/one-time-password/safeid/*iLightbox*4*/4__;I1td!!KGKeukY!gJ-XKRjLzuYELli9tdV3FfzwJSQcHsPFCzt3gQUkbVzKm7ubu74WNbcpEKv4fTBvMw$">https://web.deepnetsecurity.com/authenticators/one-time-password/safeid/#iLightbox[4]/4</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Feitian USB Security Key<o:p></o:p></p>
<p class="MsoNormal"><a href="https://urldefense.com/v3/__https:/www.ftsafe.com/products/FIDO__;!!KGKeukY!gJ-XKRjLzuYELli9tdV3FfzwJSQcHsPFCzt3gQUkbVzKm7ubu74WNbcpEKvpx3sfng$">https://www.ftsafe.com/products/FIDO</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Alex Marositz J.D. ATAC<o:p></o:p></p>
<p class="MsoNormal">Information Security and Compliance Office<o:p></o:p></p>
<p class="MsoNormal">Information Technology<o:p></o:p></p>
<p class="MsoNormal">California State University, Dominguez Hills<o:p></o:p></p>
<p class="MsoNormal"><span lang="ES-MX">E: <u><span style="color:#0563C1"><a href="mailto:smarositz@csudh.edu"><span style="color:blue">smarositz@csudh.edu</span></a></span></u><o:p></o:p></span></p>
<p class="MsoNormal"><a href="https://urldefense.com/v3/__https:/www.csudh.edu/it/security-compliance/__;!!KGKeukY!gJ-XKRjLzuYELli9tdV3FfzwJSQcHsPFCzt3gQUkbVzKm7ubu74WNbcpEKtypJ7Zvg$"><span lang="ES-MX">https://www.csudh.edu/it/security-compliance/</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>