ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    MFA - who pays for authentication solution?

    Scheduled Pinned Locked Moved IT Discussion
    mfadashrender
    27 Posts 11 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @IRJ
      last edited by

      @IRJ said in MFA - who pays for authentication solution?:

      Why not just supply hardware tokens? They are not that expensive.

      for multiple sites? Just what everyone wants, a pocket full of tokens.

      EHR
      email
      2nd EHR
      3rd EHR
      4th EHR
      5th EHR

      it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

      B IRJI stacksofplatesS 3 Replies Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @Dashrender
        last edited by

        @Dashrender said in MFA - who pays for authentication solution?:

        But at the same time - we require people to have clothing for a job, and they aren't compensated for said clothing, so I don't see why they would need to be for a phone either - it's just part of the requirement to have this job.

        This would have to be declared at offer time. Now, the business could certain re-offer the position to the person with this new requirement (or let the person(s) go) but I doubt that would actually happen.

        Essentially renegotiating the position and job requirements.

        1 Reply Last reply Reply Quote 0
        • notverypunnyN
          notverypunny
          last edited by

          Clothing is a societal norm and as such is a ridiculous comparison. I'm of the opinion that if an employer requires a certain tool for the employee to perform their job, then it's up to the employer to either provide the tool or make arrangements with the employee for compensation / reimbursement.

          DashrenderD 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @notverypunny
            last edited by

            @notverypunny said in MFA - who pays for authentication solution?:

            Clothing is a societal norm and as such is a ridiculous comparison. I'm of the opinion that if an employer requires a certain tool for the employee to perform their job, then it's up to the employer to either provide the tool or make arrangements with the employee for compensation / reimbursement.

            There are many jobs where this simply isn't the case - case in point, many auto mechanics. Most auto mechanics I know who work in car dealerships/city bus depots, etc all have to furnish their own tools. Now, I have no idea if they are paid extra with the expectation that those extra funds are going toward tool purchase/replacement/upgrades, of if the amount offered is the same for shops that supply tools?

            1 Reply Last reply Reply Quote 1
            • B
              bnrstnr @Dashrender
              last edited by bnrstnr

              @Dashrender said in MFA - who pays for authentication solution?:

              for multiple sites? Just what everyone wants, a pocket full of tokens.

              Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...

              IRJI 1 Reply Last reply Reply Quote 1
              • IRJI
                IRJ @Dashrender
                last edited by

                @Dashrender said in MFA - who pays for authentication solution?:

                @IRJ said in MFA - who pays for authentication solution?:

                Why not just supply hardware tokens? They are not that expensive.

                for multiple sites? Just what everyone wants, a pocket full of tokens.

                EHR
                email
                2nd EHR
                3rd EHR
                4th EHR
                5th EHR

                it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                That's when you use a service like okta or jump cloud

                1 Reply Last reply Reply Quote 0
                • IRJI
                  IRJ @bnrstnr
                  last edited by

                  @bnrstnr said in MFA - who pays for authentication solution?:

                  @Dashrender said in MFA - who pays for authentication solution?:

                  for multiple sites? Just what everyone wants, a pocket full of tokens.

                  Who cares? If they're going to cry about the tokens give them the option to use their phone. But the tokens are what the company supplies...

                  I agree 100%. Give them the option. Most will choose their phone. I guarantee it

                  1 Reply Last reply Reply Quote 2
                  • DashrenderD
                    Dashrender
                    last edited by

                    Lol, yeah once we reach that point it would definitely be one way to get them to just accept using their own device with no added funds.

                    I’m not in a boat one way or the other...

                    It seems we have some that are clearly in one camp or the other though.

                    1 Reply Last reply Reply Quote 0
                    • wirestyle22W
                      wirestyle22
                      last edited by

                      I'm of the opinion that the company should provide users with anything that is required to do their job. In this case, if a mobile device is required for them to do their job then the company should provide the device. If it's not required then it's the users choice.

                      1 Reply Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates @Dashrender
                        last edited by

                        @Dashrender said in MFA - who pays for authentication solution?:

                        @IRJ said in MFA - who pays for authentication solution?:

                        Why not just supply hardware tokens? They are not that expensive.

                        for multiple sites? Just what everyone wants, a pocket full of tokens.

                        EHR
                        email
                        2nd EHR
                        3rd EHR
                        4th EHR
                        5th EHR

                        it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                        This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                        DashrenderD 1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @stacksofplates
                          last edited by

                          @stacksofplates said in MFA - who pays for authentication solution?:

                          @Dashrender said in MFA - who pays for authentication solution?:

                          @IRJ said in MFA - who pays for authentication solution?:

                          Why not just supply hardware tokens? They are not that expensive.

                          for multiple sites? Just what everyone wants, a pocket full of tokens.

                          EHR
                          email
                          2nd EHR
                          3rd EHR
                          4th EHR
                          5th EHR

                          it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                          This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                          yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                          ObsolesceO stacksofplatesS 2 Replies Last reply Reply Quote 0
                          • ObsolesceO
                            Obsolesce @Dashrender
                            last edited by

                            @Dashrender said in MFA - who pays for authentication solution?:

                            and our EHR only supports Symantec VIP tokens - super lame!

                            Then why did you add that in the list if the only solution to that EHR is a Symantec VIP token? Then you already have the only MFA answer to that. Start there and see if everything else supports it. If not, then yeah, a pocket full of keys they shall get... or opt to use their phone.

                            1 Reply Last reply Reply Quote 0
                            • stacksofplatesS
                              stacksofplates @Dashrender
                              last edited by

                              @Dashrender said in MFA - who pays for authentication solution?:

                              @stacksofplates said in MFA - who pays for authentication solution?:

                              @Dashrender said in MFA - who pays for authentication solution?:

                              @IRJ said in MFA - who pays for authentication solution?:

                              Why not just supply hardware tokens? They are not that expensive.

                              for multiple sites? Just what everyone wants, a pocket full of tokens.

                              EHR
                              email
                              2nd EHR
                              3rd EHR
                              4th EHR
                              5th EHR

                              it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                              This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                              yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                              I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                              As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                              DashrenderD 1 Reply Last reply Reply Quote 2
                              • DashrenderD
                                Dashrender @stacksofplates
                                last edited by

                                @stacksofplates said in MFA - who pays for authentication solution?:

                                @Dashrender said in MFA - who pays for authentication solution?:

                                @stacksofplates said in MFA - who pays for authentication solution?:

                                @Dashrender said in MFA - who pays for authentication solution?:

                                @IRJ said in MFA - who pays for authentication solution?:

                                Why not just supply hardware tokens? They are not that expensive.

                                for multiple sites? Just what everyone wants, a pocket full of tokens.

                                EHR
                                email
                                2nd EHR
                                3rd EHR
                                4th EHR
                                5th EHR

                                it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                                I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                                As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                                Interesting.. thanks.

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @Dashrender
                                  last edited by

                                  @Dashrender said in MFA - who pays for authentication solution?:

                                  @stacksofplates said in MFA - who pays for authentication solution?:

                                  @Dashrender said in MFA - who pays for authentication solution?:

                                  @stacksofplates said in MFA - who pays for authentication solution?:

                                  @Dashrender said in MFA - who pays for authentication solution?:

                                  @IRJ said in MFA - who pays for authentication solution?:

                                  Why not just supply hardware tokens? They are not that expensive.

                                  for multiple sites? Just what everyone wants, a pocket full of tokens.

                                  EHR
                                  email
                                  2nd EHR
                                  3rd EHR
                                  4th EHR
                                  5th EHR

                                  it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                  This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                  yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                                  I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                                  As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                                  Interesting.. thanks.

                                  It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

                                  ObsolesceO 1 Reply Last reply Reply Quote 2
                                  • ObsolesceO
                                    Obsolesce @JaredBusch
                                    last edited by

                                    @JaredBusch said in MFA - who pays for authentication solution?:

                                    @Dashrender said in MFA - who pays for authentication solution?:

                                    @stacksofplates said in MFA - who pays for authentication solution?:

                                    @Dashrender said in MFA - who pays for authentication solution?:

                                    @stacksofplates said in MFA - who pays for authentication solution?:

                                    @Dashrender said in MFA - who pays for authentication solution?:

                                    @IRJ said in MFA - who pays for authentication solution?:

                                    Why not just supply hardware tokens? They are not that expensive.

                                    for multiple sites? Just what everyone wants, a pocket full of tokens.

                                    EHR
                                    email
                                    2nd EHR
                                    3rd EHR
                                    4th EHR
                                    5th EHR

                                    it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                    This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                    yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                                    I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                                    As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                                    Interesting.. thanks.

                                    It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

                                    Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

                                    DashrenderD 1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @Obsolesce
                                      last edited by

                                      @Obsolesce said in MFA - who pays for authentication solution?:

                                      @JaredBusch said in MFA - who pays for authentication solution?:

                                      @Dashrender said in MFA - who pays for authentication solution?:

                                      @stacksofplates said in MFA - who pays for authentication solution?:

                                      @Dashrender said in MFA - who pays for authentication solution?:

                                      @stacksofplates said in MFA - who pays for authentication solution?:

                                      @Dashrender said in MFA - who pays for authentication solution?:

                                      @IRJ said in MFA - who pays for authentication solution?:

                                      Why not just supply hardware tokens? They are not that expensive.

                                      for multiple sites? Just what everyone wants, a pocket full of tokens.

                                      EHR
                                      email
                                      2nd EHR
                                      3rd EHR
                                      4th EHR
                                      5th EHR

                                      it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

                                      This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

                                      yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

                                      I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

                                      As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

                                      Interesting.. thanks.

                                      It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

                                      Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

                                      That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.

                                      1 Reply Last reply Reply Quote 0
                                      • 1
                                      • 2
                                      • 1 / 2
                                      • First post
                                        Last post