ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    MFA - who pays for authentication solution?

    IT Discussion
    mfa dashrender
    11
    27
    2.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bnrstnr @Dashrender
      last edited by bnrstnr

      @Dashrender said in MFA - who pays for authentication solution?:

      for multiple sites? Just what everyone wants, a pocket full of tokens.

      Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...

      IRJI 1 Reply Last reply Reply Quote 1
      • IRJI
        IRJ @Dashrender
        last edited by

        @Dashrender said in MFA - who pays for authentication solution?:

        @IRJ said in MFA - who pays for authentication solution?:

        Why not just supply hardware tokens? They are not that expensive.

        for multiple sites? Just what everyone wants, a pocket full of tokens.

        EHR
        email
        2nd EHR
        3rd EHR
        4th EHR
        5th EHR

        it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

        That's when you use a service like okta or jump cloud

        1 Reply Last reply Reply Quote 0
        • IRJI
          IRJ @bnrstnr
          last edited by

          @bnrstnr said in MFA - who pays for authentication solution?:

          @Dashrender said in MFA - who pays for authentication solution?:

          for multiple sites? Just what everyone wants, a pocket full of tokens.

          Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...

          I agree 100%. Give them the option. Most will choose their phone. I guarantee it

          1 Reply Last reply Reply Quote 2
          • DashrenderD
            Dashrender
            last edited by

            Lol, yeah once we reach that point it would definitely be one way to get them to just accept using their own device with no added funds.

            I’m not in a boat one way or the other...

            It seems we have some that are clearly in one camp or the other though.

            1 Reply Last reply Reply Quote 0
            • wirestyle22W
              wirestyle22
              last edited by

              I'm of the opinion that the company should provide users with anything that is required to do their job. In this case, if a mobile device is required for them to do their job then the company should provide the device. If it's not required then it's the users choice.

              1 Reply Last reply Reply Quote 0
              • stacksofplatesS
                stacksofplates @Dashrender
                last edited by

                @Dashrender said in MFA - who pays for authentication solution?:

                @IRJ said in MFA - who pays for authentication solution?:

                Why not just supply hardware tokens? They are not that expensive.

                for multiple sites? Just what everyone wants, a pocket full of tokens.

                EHR
                email
                2nd EHR
                3rd EHR
                4th EHR
                5th EHR

                it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @stacksofplates
                  last edited by

                  @stacksofplates said in MFA - who pays for authentication solution?:

                  @Dashrender said in MFA - who pays for authentication solution?:

                  @IRJ said in MFA - who pays for authentication solution?:

                  Why not just supply hardware tokens? They are not that expensive.

                  for multiple sites? Just what everyone wants, a pocket full of tokens.

                  EHR
                  email
                  2nd EHR
                  3rd EHR
                  4th EHR
                  5th EHR

                  it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                  This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                  yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                  ObsolesceO stacksofplatesS 2 Replies Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce @Dashrender
                    last edited by

                    @Dashrender said in MFA - who pays for authentication solution?:

                    and our EHR only supports Symantec VIP tokens - super lame!

                    Then why did you add that in the list if the only solution to that EHR is a Symantec VIP token? Then you already have the only MFA answer to that. Start there and see if everything else supports it. If not, then yeah, a pocket full of keys they shall get... or opt to use their phone.

                    1 Reply Last reply Reply Quote 0
                    • stacksofplatesS
                      stacksofplates @Dashrender
                      last edited by

                      @Dashrender said in MFA - who pays for authentication solution?:

                      @stacksofplates said in MFA - who pays for authentication solution?:

                      @Dashrender said in MFA - who pays for authentication solution?:

                      @IRJ said in MFA - who pays for authentication solution?:

                      Why not just supply hardware tokens? They are not that expensive.

                      for multiple sites? Just what everyone wants, a pocket full of tokens.

                      EHR
                      email
                      2nd EHR
                      3rd EHR
                      4th EHR
                      5th EHR

                      it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                      This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                      yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                      I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                      As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                      DashrenderD 1 Reply Last reply Reply Quote 2
                      • DashrenderD
                        Dashrender @stacksofplates
                        last edited by

                        @stacksofplates said in MFA - who pays for authentication solution?:

                        @Dashrender said in MFA - who pays for authentication solution?:

                        @stacksofplates said in MFA - who pays for authentication solution?:

                        @Dashrender said in MFA - who pays for authentication solution?:

                        @IRJ said in MFA - who pays for authentication solution?:

                        Why not just supply hardware tokens? They are not that expensive.

                        for multiple sites? Just what everyone wants, a pocket full of tokens.

                        EHR
                        email
                        2nd EHR
                        3rd EHR
                        4th EHR
                        5th EHR

                        it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                        This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                        yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                        I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                        As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                        Interesting.. thanks.

                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @Dashrender
                          last edited by

                          @Dashrender said in MFA - who pays for authentication solution?:

                          @stacksofplates said in MFA - who pays for authentication solution?:

                          @Dashrender said in MFA - who pays for authentication solution?:

                          @stacksofplates said in MFA - who pays for authentication solution?:

                          @Dashrender said in MFA - who pays for authentication solution?:

                          @IRJ said in MFA - who pays for authentication solution?:

                          Why not just supply hardware tokens? They are not that expensive.

                          for multiple sites? Just what everyone wants, a pocket full of tokens.

                          EHR
                          email
                          2nd EHR
                          3rd EHR
                          4th EHR
                          5th EHR

                          it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                          This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                          yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                          I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                          As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                          Interesting.. thanks.

                          It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

                          ObsolesceO 1 Reply Last reply Reply Quote 2
                          • ObsolesceO
                            Obsolesce @JaredBusch
                            last edited by

                            @JaredBusch said in MFA - who pays for authentication solution?:

                            @Dashrender said in MFA - who pays for authentication solution?:

                            @stacksofplates said in MFA - who pays for authentication solution?:

                            @Dashrender said in MFA - who pays for authentication solution?:

                            @stacksofplates said in MFA - who pays for authentication solution?:

                            @Dashrender said in MFA - who pays for authentication solution?:

                            @IRJ said in MFA - who pays for authentication solution?:

                            Why not just supply hardware tokens? They are not that expensive.

                            for multiple sites? Just what everyone wants, a pocket full of tokens.

                            EHR
                            email
                            2nd EHR
                            3rd EHR
                            4th EHR
                            5th EHR

                            it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                            This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                            yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                            I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                            As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                            Interesting.. thanks.

                            It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

                            Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

                            DashrenderD 1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @Obsolesce
                              last edited by

                              @Obsolesce said in MFA - who pays for authentication solution?:

                              @JaredBusch said in MFA - who pays for authentication solution?:

                              @Dashrender said in MFA - who pays for authentication solution?:

                              @stacksofplates said in MFA - who pays for authentication solution?:

                              @Dashrender said in MFA - who pays for authentication solution?:

                              @stacksofplates said in MFA - who pays for authentication solution?:

                              @Dashrender said in MFA - who pays for authentication solution?:

                              @IRJ said in MFA - who pays for authentication solution?:

                              Why not just supply hardware tokens? They are not that expensive.

                              for multiple sites? Just what everyone wants, a pocket full of tokens.

                              EHR
                              email
                              2nd EHR
                              3rd EHR
                              4th EHR
                              5th EHR

                              it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                              This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                              yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                              I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                              As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                              Interesting.. thanks.

                              It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

                              Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

                              That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.

                              1 Reply Last reply Reply Quote 0
                              • 1
                              • 2
                              • 2 / 2
                              • First post
                                Last post