Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Deploying Two-Factor Authentication Tokens
EDUCAUSE IT Communicators:
The University of Georgia is now piloting two-factor authentication with a token to ensure that faculty and staff with access to sensitive information have an additional layer of security to protect that data. Two-factor authentication requires "something you know" (your password) and "something you have" (a token that will generate a random, one-time code for users when they press a button) in order to access secure systems.
We're now piloting it among our central IT department employees (EITS), but we're working on plans to require it for specified staff and faculty throughout campus in the coming months. We still haven't determined exactly who will be required to use two-factor authentication (which departments, which employees, which systems, etc.).
I'm reaching out to fellow IT communicators that have been involved in the deployment in two-factor authentication with a token. Do you mind sharing your communications effort in that process? Unlike other initiatives, this process requires that we PHYSICALLY get the technology in the hands of lots of individuals.
Our plan is to have two communications plans for this effort â€” a general awareness campaign about two-factor authentication and the device that UGA will use, and a second campaign that targets those departments/employees that will be required to use two-factor authentication.
How did your university address these challenges (which we need to address in our communications efforts):
*Reaching employees with non-traditional schedules, such as night shift
*Reaching employees at satellite locations (secure method for deploying tokens)
*Earmarking staff resources for the initial deployment (did you have a specified "deployment team" to physically deliver tokens?)
*Earmarking staff resources AFTER deployment (a specified person/s? Help Desk?)
*Developing a mechanism on getting tokens to new employees (do you use a form-based website to submit requests for tokens? Do you require them to contact the Help Desk? Other methods?)
*Developing a mechanism for lost or missing tokens
*Developing a mechanism for employees who leave the university OR change departments (do they turn in the token if they change departments within the university?)
We have ideas for deployment, but I want to hear how other universities communicated this workflow change to their end users and any suggestions. In retrospect, are there things you would have done differently? How?
Just trying to tap into this great resource among fellow IT communicators!
Public Relations Coordinator
EITS (Enterprise Information Technology Services)
University of Georgia
176 Boyd Graduate Studies Research Center
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.