Please add a row for your institution and fill in your data as best you can. If you are updating your data - please add a new row and fill in all the data again.
F = Fac, E = Staff
S = Student, O = Other,
A = Alum, H = Healthcare
for Token enroll
Yes / No / Comment
|1||20171109||example.edu||50,000 F, E, O||1.5 years||200 / 1000||yubikey/D100/C100/etc||100 / 500||100 / 500||24x7 / m-f 9-5||Yes - enroll only, no delete||We worried a great deal about tokens and they ended up not being an issue. OR - we don't support hardware tokens at all !!!!|
F, E, S, A, O
|2.3 years||2200/3060||yubikey |
handful of D100
Initial demand high with service rollout but considerably lower now in steady state. Common use will international travelers unwilling or able to bring cell phone. The logistics of distribution and tracking is painful paired with the pre-config of the secrets. Would be nice if U2F had better adoption and use in non-web apps like VPN clients -T. Gleason
|3||20171109||northwestern.edu||50,000 F,E,S,O||4 years||15 / 50||D100||50||0 / 0||No||There was plenty of discussion around tokens, but, other than a few cases, there is really no demand in the community. (from Safian, gettes entered)|
|4||20171109||umbc.edu||500 F,E||3 years||10/20||D100||10/20||0/0||8-6 m-f||No||We just obtained our site license for faculty and staff - thus the low enrollment. We will be doing our best to discourage token use. With that said, our IT department will most likely pick up the cost of any token purchases.|
|5||20171109||smu.edu||3,200 F,E||2 years||2/50||YubiKey 4||0/0||2/50||No||We've seen almost no interest in tokens after rollout to 100% of employees. Changes may come when we begin requiring Duo logon for students. We will soon begin an effort to increase the percentage of Duo Push authentications which is currently at 64%. Voice at 29%.|
|6||20171110||uncg.edu||540/20,000 F, E, S||2 years||72/250||D-100, handful of yubikey||68/246||4/4||24x7 / m-f 9-5||No for OTP, Yes for U2F||Our 2FA program is largely opt-in (so far). Initially there was a ton of demand for tokens as the University elected to not provide devices recommending the Duo Mobile's Push as the preferred mechanism and employees (thought they) wanted separation between work/personal life (we does not own/issue mobile phones). After answering by creating a token program with our ID center avail for purchase, there have been very few takers. The D-100 token was picked for ease of secrets handling and security's desire for a fully out of band token with no dependency on an internet connected device.|
|7||20171110||unc.edu||19,850 F,E,S,O||3 years||147/170||Yubikey (series 2, 4 and USB-C); Duo D100||6/20||141/150||24x7x365||No for OTP, Yes for U2F||Almost all of the keys that have been issued have been to our own IT staff. We have limited use of the keys outside of IT. We are currently reviewing our strategy for expanding or not to a larger population .|
|YubiKey, Duo D-100|
|2104/3740||24x7x365||yes for U2F and any OATH-compatible token||More use initially.|
|9||20171113||baylor.edu||31,096 F, E, S (includes admitted students once they have been accepted)||1.5 years||27/60 (started letting the University bookstore purchase & sell them)||Duo D-100||3 U2F (2 are from the same user)/0 (University does not purchase these)||0||8a-5p M-F||No, users have to call the Help Desk (working on self enrollment)||After loaning tokens out to faculty & staff on a permanent basis & student on a temporary basis when their phones were lost, broken, or stolen...but not getting them back, we decided to let the Baylor Bookstore sell Duo Tokens. We provided the Help Desk & Duo Admins with tokens & the Help Desk has a 2 extras that can be assigned to a faculty members account in an emergency to allow access once their identity is verified. We made this change when we moved 50+ services behind Duo in October 2017.|
F = 6,153
E = 7,289
S = 34,580
F & E = 2017-03-05
S = 2017-05-14
|1714/2080||Duo D-100||1714/2080||0/0||24x7x365||No||Tokens issued to anyone who requests.|
|11||20171113||temple.edu||F = ~4,800||1 year||2/15||Duo D-100||0/0||0/1||24x7x365*||No||We developed our own identity proofing and provisioning module and integrated with this with Ellucian's Banner Luminis/SSB Portal so clients can manage their own phones. Where possible, our goal is to avoid having users request a hardware token.|
|12||20171113||bekeley.edu||1846 F, E||6 months|
4/20 Duo D-100
|Yubikeys, Duo D-100||4/20 Duo D-100||28|
|Only for U2F|
Soft rollout throughout Fall 2017. No U2F support yet, waiting for FF. Hard token support planned; but at expense of the requester.
"active" users (have initialized their duo account):
About 4,500 of the above are also H as defined by our Google apps BAA.
|nearly 4 years||1500/2500||Duo D-100||1500/2500||0/0|
General help: 24x7x265
Problems requiring escalation: M-F 8-4:30
|Not for hardware tokens.|
A major motivation for supporting hardware tokens was similarity to our previous multifactor solution (Safeword Silver tokens), and allowing the 6,000 or so staff who were required to use them to continue using something familiar. Many chose to embrace other methods, though, and we continue to push people to use Push as the easiest/cheapest/etc. method.
We do not generally allow students and other non-Enterprise Application users get tokens (there has not been much, if any, demand, and we don't advertise them to those groups).
In a few cases, we have "strongly encouraged" high-usage users of phone callback or SMS methods to use tokens instead to save us money.