Open ATMiddleton opened 17 hours ago
Vicki Caruso Thursday at 10:49 AM @Kimberley Monroe-Daniels This case was sent to Theresa Hancock. We need to get this resolved asap, but OIT is working on getting an extension. :+1::skin-tone-5: 1
Samara Strauss :computer: Thursday at 2:05 PM I've read through this and have a few things: MFA makes login more secure, and we're not getting rid of it. This is in an effort to help protect veterans' accounts and help prevent fraud. This veteran says they have a landline and seems comfortable getting calls with the MFA code, so that is good. The issue sounds like this doesn't work for them when they are out of the house. Unfortunately, if the veteran does not have a smartphone, the only way to login to MHV if he's on someone else's computer outside of his house is with a security key. This is not something I would recommend to someone who is not tech savvy. :eyes: 2
Kimberley Monroe-Daniels :red-x: Thursday at 3:12 PM Hey ladies! First, thank you @Samara (She/Her) for passing that information along. I understand the concerns surrounding the security key process, but responding with 'this is your only option' is something I'm not going to do, especially after reading that letter to Mrs. Harris. I will explain the security key process is less than ideal for someone that isn't tech savvy and although it's an option, it should be the last resort. I will mention a cell phone, even if it's a Jitterbug phone, in order to receive the code. It doesn't have to be a smart phone. I'll start there and see what the response is. (edited) :eyes: 1 :heart: 1
Samara Strauss :computer: Thursday at 3:28 PM Thanks, @Kimberley Monroe-Daniels . Agree with being considerate and kind in the response. I just wanted to make sure everyone here knew the lay of the land. I wish there was more we could do for folks without smart phones. :heart: 2
Vicki Caruso Thursday at 3:54 PM Wish there was a device like a beeper (might be calling out my age lol) to receive a code. That would be a great little device for veterans that do not have cell phones where their landline is connected to the beeper; after verifying their identity, the code is sent.
Lauren Alexanderson (she /her) :spiral_calendar_pad: Thursday at 5:17 PM It may or may not be worth noting particularly in the fraud line that HIPAA is considering new security regs that require the use of MFA to authenticate to view personal health information. :eyes: 2
Lauren Alexanderson (she /her) :spiral_calendar_pad: Thursday at 5:23 PM I'm curious based on reading this letter where else this Veteran may have tried to access MHV besides at home if they have never had a cell phone. Maybe at the facility with a coordinator? I think that would be helpful for suggesting alternate MFA options. The security key for sure, the backup codes are another, possibly an authentication app if they are trying to access just at home on a desktop app (1 password, OTP Manager for example) :eyes: 1
Kimberley Monroe-Daniels :red-x: Thursday at 10:16 PM Hi Lauren! Thanks for chiming in! I'd love to explore additional options for older Veterans that do not want or have a cell phone. As Vicki mentioned, other possibilities for logging in; possibly having a TOTP or a Yubikey sent to those Veterans that request it. I don't have all the answers, but we have some amazing brains at the VA, so I'm confident that something could be done to help assist this small population of Veterans experiencing this type of challenge. :eyes: 1 :heart: 1
Lauren Alexanderson (she /her) :spiral_calendar_pad: Friday at 8:47 AM In responding to this, I would just highlight different options someone has BESIDES a mobile phone to do multi-factor auth. :+1::skin-tone-5: 1
Vicki Caruso Yesterday at 9:01 AM @Kimberley Monroe-Daniels Good Morning, any update on this? Have a great day :slightly_smiling_face:
Issue Description
Difficulty with the new ID.me/Login.gov login process
https://app.slack.com/client/T03FECE8V/C02BS78NYRM
Tasks
Acceptance Criteria
How to configure this issue
product support
,analytics-insights
,operations
,service-design
,Console-Services
,tools-fe
)backend
,frontend
,devops
,design
,research
,product
,ia
,qa
,analytics
,contact center
,research
,accessibility
,content
)bug
,request
,discovery
,documentation
, etc.)