@tinker Then it takes an additional step to add Persona to an enrollment policy.

You could (if you're stupid) add this to the Global/default enrollment policy. Or (if you're a decent human), create an enrollment policy for a portion of the user population who will pilot the process and provide feedback.

Organizations can carve out parts of their user population to use Persona during enrollment or not use Persona.

Chances are, if an org is enabling Persona globally, their support team is outsourced and not in touch with their users or the users' managers.

If users presents themselves to a manager who knows them, while wearing an Id card...what more do you need for verification?

@tinker The organization must create an account with Persona and drop API keys into Duo.

Admins do nothing, and there is no integration. (see screen shot)

Duo can't create a Persona domain and force an org into using it.

@SRLevine The DMV wants it back because people buy them or steal them when they can't get one issued legitimately.

If I lost a hanging placard, I probably would have no idea where it fell out. You're supposed to remove them from the mirror when you drive. So door pockets are a convenient place to put them. I would also equally suspect that somebody immediately picked it up and is trying to use it or sell it. So I'd go to the DMV for a replacement.

@accidentalciso Today's youth are both:

• more aware of indicators of scams and threats to privacy

and

• more likely to participate for a cheap reward, virtual game trophy, or promise of a few dollars on a gift card

@PogoWasRight @campuscodi

"...Medimap...did not have two-factor authentication..."
--nurse in affected facility

Of course, it may have, but by a mechanism unknown to the staff. But usually those mechanisms are a downgrade to accountability for the sake of convenience, like allow-listed IP addresses.