By
Nick Lewis - Internet2 Program Manager
Estimated reading time: 5 minutes
Finishing up the semester is a time to reflect on what has been accomplished during the past few months. One data point many campuses are monitoring is student enrollment in multifactor authentication (MFA).
The first time on campus for many students is the first time they set up their online accounts and enroll in a campus’s MFA to protect their accounts. One of the perennial hot topics in MFA on campus has been which institutions have enrolled students in MFA. To help answer that question, the NET+ Duo Service Advisory Board sponsored a MFA Community Survey.
In 2020, the NET+ Duo service advisory board sponsored an inaugural MFA Community Survey to better understand how their peers used MFA and published a report on the survey. The advisory board sponsored an updated survey in 2023, and more than 200 unique campuses responded. Next year, the NET+ Duo Program will publish a report highlighting the survey results, including a comparison between pre-pandemic usage of MFA and current usage.
In the meantime, one of the most requested pieces of data from this survey was around the Remember Me functionality. This function drives for many campuses how often people need to use MFA on their campus. The data for 2020 looked like:
We asked a more granular question in the 2023 survey, and the data for 2023 looked like:
The full report with additional analysis will be made available to NET+ Duo campuses. To request a copy, contact us at netplus@internet2.edu. Report highlights will be published for the entire community. Check back here for updates.
NET+ Duo Program Update and Feature Engagement
The NET+ Duo service advisory board has engaged with Duo a number of subjects this year. With some campuses navigating a service outage to start the year, The NET+ Duo Service Advisory Board discussed the outage with Duo to understand the steps Duo is taking to minimize the chance of future outages.
Another area the advisory board is engaging Duo is on passwordless, improving logging functionality, and introducing a new feature to support time-based one-time passwords (also known as TOTP). The advisory board received an update from the Duo Product Manager working on passwordless functionality in development in February and gave feedback on how it could be deployed by campuses. In April, the program worked with the community collecting feedback on Duo logging improvements to improve how campuses monitor Duo. In May, the advisory board met with the Duo Product Manager working on TOTP. The campuses helped Duo understand the importance of the functionality for campuses to address MFA phishing attacks. Duo went over an overview of potential plans to implement the proposed new functionality.
Finally, the NET+ Duo program has been actively engaging with Duo on new features in development and preparing a Duo Companion Guide for NET+ Duo campuses.
Duo Companion Guide: Got Questions? Need Updates?
Duo’s online documentation is excellent, and we recommend using the Duo Liftoff Guide as a good starting point. The NET+ Duo Program developed a Duo Companion Guide underscoring the higher education focused aspects and topics about which we’ve heard campuses have confusion or that have changed in the last several years, possibly impacting higher education. For example, there’s been significant confusion around TOTP vs. HOTP and the impact on MFA phishing related attacks. Many NET+ Duo campuses have been subscribed to the program for almost 10 years, and there may be new configuration options that could improve the security of their environments t. This document is intended to highlight areas for higher education institutions to consider when configuring global settings, with a focus on features available to all paid tiers of Duo (Essentials, Advantage, Premier). Please contact NET+ for a copy of this program resource.
Interested in MFA and Duo? Get Engaged!
The NET+ Duo Program has been actively engaging the higher education community to manage its relationship with this important vendor. The NET+ Duo Program is supported by campuses participating in the program to provide this important service for the community. The NET+ Duo Service Advisory Board will continue this engagement to provide oversight and direction for the program. If your campus is interested in supporting this engagement, please reach out to us for more information. We’re looking for additional campuses to participate in the NET+ Duo Service Advisory Board, so contact me if you’re interested in participating. I also like to hear your feedback and questions, so please reach out to me with feedback and questions.
ICYMI
About the Author(s)
Nick Lewis (CISSP) is a Program Manager for Security and Identity. Nick has held positions at Michigan State University, the University of Michigan, Children’s Hospital Boston, and was ISO at Saint Louis University. Nick holds an MS in Information Assurance from Norwich and Telecommunications from MSU.