Discussions

ATLIS Peeps, 

The most recent Snapshot from NAIS discusses Phone Regulations.  Our school is moving towards a phone free campus in our US with some senior privileges built into it.  At the surface I am in complete agreement with the policy but by the same token, our tech team started drilling into what this means for cybersecurity.  With mounting pressure on having MFA in place for our upper school students, we are challenged by the need to limit phone use and also provide necessary data protection-both are life skills.  As a Google School, we recognize that students can have their BYO laptop remember the device but there will certainly be many instances when confirmation is needed via text or authenticator app.

Has anyone started having discussions about this challenge? Any schools considering using Titan Keys? Who should pay for these keys?

Thanks,

Hiram

Hi Hiram,

We haven't discussed this any further than "oof, that'll be interesting!"

I recall in a podcast over the past year, hearing that many platforms will now require MFA including Microsoft, as announced here: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391

It seems that platforms are passing the buck to schools, and there will likely be 3rd parties coming in to fill the gap. Clever is creating its own MFA solution: https://www.clever.com/products/clever-mfa

ATLIS Peeps, 

The most recent Snapshot from NAIS discusses Phone Regulations.  Our school is moving towards a phone free campus in our US with some senior privileges built into it.  At the surface I am in complete agreement with the policy but by the same token, our tech team started drilling into what this means for cybersecurity.  With mounting pressure on having MFA in place for our upper school students, we are challenged by the need to limit phone use and also provide necessary data protection-both are life skills.  As a Google School, we recognize that students can have their BYO laptop remember the device but there will certainly be many instances when confirmation is needed via text or authenticator app.

Has anyone started having discussions about this challenge? Any schools considering using Titan Keys? Who should pay for these keys?

Thanks,

Hiram

Hey Hiram. I'll share our experience. We also have some issues with cell phone usage but nothing too major. We are US-only. We required MFA for our US students years ago (Probably ~2021). For Employees and Students we always recommend using the Authenticator app (Microsoft for our IDP) but have the ability to also add a cell phone SMS number. This school year, for Employees, we removed SMS as an authentication method (with lots of training and advance notice, of course). We haven't had many issues. Next year, we'll be doing the same thing for students, requiring the Authenticator app and removing SMS as a method. This will greatly increase security and reduce the issues with international students who travel back home and can't use their US numbers in home countries.

Hi Hiram,

We haven't discussed this any further than "oof, that'll be interesting!"

I recall in a podcast over the past year, hearing that many platforms will now require MFA including Microsoft, as announced here: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391

It seems that platforms are passing the buck to schools, and there will likely be 3rd parties coming in to fill the gap. Clever is creating its own MFA solution: https://www.clever.com/products/clever-mfa

ATLIS Peeps, 

The most recent Snapshot from NAIS discusses Phone Regulations.  Our school is moving towards a phone free campus in our US with some senior privileges built into it.  At the surface I am in complete agreement with the policy but by the same token, our tech team started drilling into what this means for cybersecurity.  With mounting pressure on having MFA in place for our upper school students, we are challenged by the need to limit phone use and also provide necessary data protection-both are life skills.  As a Google School, we recognize that students can have their BYO laptop remember the device but there will certainly be many instances when confirmation is needed via text or authenticator app.

Has anyone started having discussions about this challenge? Any schools considering using Titan Keys? Who should pay for these keys?

Thanks,

Hiram

Nick,

Thanks for your note.  So here is the rub, the authenticator app requires students to have access to their phones.  Are you using a web based authenticator app?  

Our struggle is how to authenticate when phones have been removed from the equation as a means to improve wellness.  There seems to be a need to balance wellness and security/privacy.  So far, Dan's Clever solution seems like a good alternative to the Titan Keys.

Cheers,

H

Hey Hiram. I'll share our experience. We also have some issues with cell phone usage but nothing too major. We are US-only. We required MFA for our US students years ago (Probably ~2021). For Employees and Students we always recommend using the Authenticator app (Microsoft for our IDP) but have the ability to also add a cell phone SMS number. This school year, for Employees, we removed SMS as an authentication method (with lots of training and advance notice, of course). We haven't had many issues. Next year, we'll be doing the same thing for students, requiring the Authenticator app and removing SMS as a method. This will greatly increase security and reduce the issues with international students who travel back home and can't use their US numbers in home countries.

Hi Hiram,

We haven't discussed this any further than "oof, that'll be interesting!"

I recall in a podcast over the past year, hearing that many platforms will now require MFA including Microsoft, as announced here: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391

It seems that platforms are passing the buck to schools, and there will likely be 3rd parties coming in to fill the gap. Clever is creating its own MFA solution: https://www.clever.com/products/clever-mfa

ATLIS Peeps, 

The most recent Snapshot from NAIS discusses Phone Regulations.  Our school is moving towards a phone free campus in our US with some senior privileges built into it.  At the surface I am in complete agreement with the policy but by the same token, our tech team started drilling into what this means for cybersecurity.  With mounting pressure on having MFA in place for our upper school students, we are challenged by the need to limit phone use and also provide necessary data protection-both are life skills.  As a Google School, we recognize that students can have their BYO laptop remember the device but there will certainly be many instances when confirmation is needed via text or authenticator app.

Has anyone started having discussions about this challenge? Any schools considering using Titan Keys? Who should pay for these keys?

Thanks,

Hiram

Hi Hiram,

We haven't discussed this any further than "oof, that'll be interesting!"

I recall in a podcast over the past year, hearing that many platforms will now require MFA including Microsoft, as announced here: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391

It seems that platforms are passing the buck to schools, and there will likely be 3rd parties coming in to fill the gap. Clever is creating its own MFA solution: https://www.clever.com/products/clever-mfa

ATLIS Peeps, 

The most recent Snapshot from NAIS discusses Phone Regulations.  Our school is moving towards a phone free campus in our US with some senior privileges built into it.  At the surface I am in complete agreement with the policy but by the same token, our tech team started drilling into what this means for cybersecurity.  With mounting pressure on having MFA in place for our upper school students, we are challenged by the need to limit phone use and also provide necessary data protection-both are life skills.  As a Google School, we recognize that students can have their BYO laptop remember the device but there will certainly be many instances when confirmation is needed via text or authenticator app.

Has anyone started having discussions about this challenge? Any schools considering using Titan Keys? Who should pay for these keys?

Thanks,

Hiram

ATLIS Peeps, 

The most recent Snapshot from NAIS discusses Phone Regulations.  Our school is moving towards a phone free campus in our US with some senior privileges built into it.  At the surface I am in complete agreement with the policy but by the same token, our tech team started drilling into what this means for cybersecurity.  With mounting pressure on having MFA in place for our upper school students, we are challenged by the need to limit phone use and also provide necessary data protection-both are life skills.  As a Google School, we recognize that students can have their BYO laptop remember the device but there will certainly be many instances when confirmation is needed via text or authenticator app.

Has anyone started having discussions about this challenge? Any schools considering using Titan Keys? Who should pay for these keys?

Thanks,

Hiram