I'm starting this to create a focused discussion around dual-factor authentication (AKA, multi-factor, many-factor). There are a lot of facets to consider with this beyond authentication and individual multi-factor providers such as: technology integrations, building blocks, cloud providers, external content, etc. How to best implement these items, and make them "usable" to the vast majority of users (usually students) is an interest of mine. I'm also interested in keeping our Tier 1 Support personnel from being flooded with password reset requests and questions regarding the 2FA process. These question will go beyond the technical, into the "why" it's being done.
We use Duo and have integrated it with our Shibboleth authentication. For now it's opt-in, but this Fall (2018) it'll go live for all Learn connections. I'm currently working with our Security group to define rule exceptions for automation, integrations and api connections.
What is everyone else doing and what issues are you running into? How are you over coming it?