Will MFA make my device susceptible to public records requests?
Although the verification codes are technically public records, they likely would be considered transient and therefore could be deleted by the employee after use. If there was a records request for the codes, the employee would be asked to provide any codes that still existed on their phone. Under current case law, if the completeness of the employee’s response to the request were challenged, the employee could be asked to provide an affidavit. Seizure of a phone is highly unlikely.
Multi-Factor Authentication (MFA) for myWSU
Close to 50,000 users per month are now successfully using the new Okta SSO system for many WSU websites and software applications.
Preparing for MFA in your Area: MFA Options
Users have five options available for MFA. Users should ideally select two of the following options. One option is required, but a second option can serve as a backup resource:
- Okta Verify Mobile App – Sends a push notification, or provides a unique code every 30 seconds, to approve authentication.
- Google Authenticator Mobile App – Generates a unique code every 30 seconds.
- SMS – Text message with a unique code is sent to the user’s phone number.
- Voice call – An automated message delivers a unique code to the user’s phone number (can be a home, mobile, or desk number).
- USB Security Key – Device (similar to a flash drive) that inserts into the computer’s USB port.