Passwords are Dead (or how I learned to love my phone)

Slides:

Advertisements

Similar presentations

Integrated Healthcare Management system. Standards based design. [ Supports HXP (Health Exchange Protocol) a standard in exchanging health care data ]

Advertisements

Dear OpenID Santa This Christmas I wish…. To Accept OpenID Please find a way to allow users to login to clients apps Messenger Phone/apps Allow them to.

Security for Mobile Devices

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

1 Overview February Benefits Single information portal. Provides employees access to their personal information. Allows for real-time.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

BEN University Network Technology Proposal. Campus Wide Policies Password polices student/faculty IT Admin accounts Administrative access Hardware Access.

Multi-Factor Authentication Added protection for a more secure you Presenter: Jeff Penn.

Information Security The University of Texas at Dallas Education – Partnership – Solutions ISC Meeting April 10, 2015 Information Security

Flexible Network Access Overview. Flexible Access an Integral part of Universal Access Policy Universal Access to Campus IT Resources Managed LAN portsFlexible.

PKI-Enabled Applications That work! Linda Pruss Office of Campus Information Security

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

The Office of Information Technology Two-Factor Authentication.

Chapter 11: Dial-Up Connectivity in Remote Access Designs

Website Hardening HUIT IT Security | Sep

ACC Online Services and Online Registration. Guess What? Telephone Registration Has Gone Away...It Is Time To Go Online! Part 1: Obtaining Your ACCeID.

Information Security Technological Security Implementation and Privacy Protection.

Cloud Security Julian Lovelock VP, Product Marketing, HID Global.

Click here to begin HOW TO CREATE REFWORKS ACCOUNT.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

Client Outcomes & Relationship Engagement Understanding and Preparing for CORE.

OFFICE OF BUDGET AND FINANCE Information Security Office ISC Meeting August 21, 2015 Information Security Office

Delivering Security for Mobile Device and Mobile Application Management INSERT MSP LOGO HERE.

Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite

Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.

VPN Security Policy By: Fred Cicilioni. VPN, or Virtual Private Network, is a protocol that allows remote access, allowing the user to connect to all.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Data Security Overview. Data Security Periphery –Firewalls –Web Filtering –Intrusion Detection & Prevention Internal –Virus Protection –Anti Spy-ware.

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

Claims-Based Identity Solution Architect Briefing zoli.herczeg.ro Taken from David Chappel’s work at TechEd Berlin 2009.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Access resources in a federation partner organization.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.

Remote Access Usages. Remote Desktop Remote desktop technology makes it possible to view another computer's desktop on your computer. This means you can.

1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

Duo UI Demo Christopher Bongaarts. CONTEXT/MOTIVATION Two-factor auth already in use –“M Key” – Safeword Silver tokens, Safeword PremierAccess software.

SSO Challenge s Implementing Identity Management: ADFS and Azure AD Hugh Valentine Head of Business Development Cloud Point Steve Rastall Managing Director.

For the University of Kansas Medical Center How to sign up for RAVE Emergency Text Messaging.

Never let a serious crisis go to waste… Jason Belford (.08) January 2016.

SAP Employee Self Service Personal Data Overview Time Entry information not covered in this presentation.

Joe Knight’s Company VPN Policy. What is VPN? Virtual Private Network (VPN) will allow you all as users to remote into the network from home or anywhere.

Best Facebook Proxy Login Sites

EMS in action Hugh Simpson-Wells and Mark Riley 2016 Redmond Summit | Identity Without Boundaries

Securing the Cloud Authentication Perspective. Moving to the Cloud is like Moving your data from your own personal safe, to a safety deposit box.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Mail Password Recovery Find a place to fix Password recovery issue Gmail, MSN, Hotmail and Outlook.

From 0 to 34,000 Multifactor Users in Six Months

ArchPass Duo Presentation

Protect Manage Optimize Why LastPass Enterprise? Protect Manage Optimize.

 Xfinity is an American based company  Xfinity is basically a telecommunication company  They provide network services to the people of America  Xfinity.

Goodbye to Passwords.

9/13/2018 4:54 PM BRK How to get Office 365 to the next level with Azure Active Directory Premium Brjann Brekkan Program Manager Lead – Customer.

Recover Forgotten Gmail Password Call for Help

Gmail Tech Support Phone Number DIAL TOLL FREE NUMBER

CIO Council Identity and Access Management

Juno Password Reset Number

Juno Password Reset Number

Optus Password Reset Number

WELCOME TO EXODUS CUSTOMER SUPPORT NUMBER +1- (855)

Yahoo Customer Service | |Yahoo Mail Forgot Password

How can I Recover My Quicken Password

Technology Services Multi-Factor Authentication gsw

CLOUD COMPUTING SECURITY

Azure AD Application Proxy

How to Set up Remote Access to Personal U: drive

Sympatico Password Recovery

Login Page Requires three levels of authorization Group Name:

Internet Engineering Course

TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Anna Adams Martina Angela Sasse

Presentation transcript:

Passwords are Dead (or how I learned to love my phone)

What got us here? Breaches, breaches breaches Account & password sharing Tension between strong password policies and user acceptance Time it takes to crack a password

Source:

How did we start? YearEvent Pre-2011Faculty concern about access to benefit information Evaluation of existing technologies Evaluation of integration with Shib 2013Pilot with Duo 2013IT rollout 2014Direct deposit phishing incident Voluntary adoption + mandatory for some services

Our Approach 1.Focus on shibb’ed sites, but don’t forget other technologies (SSH, RDP, VPN) 2.Allow strength checking for multiple factors in shib 3.Build our own self-service interface 4.Provide options 5.Make it easy to recover

Our Approach (cont) Four-pronged rollout 1.Evangelize across campus for voluntary enrollment 2.Make mandatory for specific services (protected network) 3.Make mandatory for certain groups 4.Duke Medicine implemented a policy and mandatory enrollment by Aug 1

Multi-factor adoption over time

What’s Next? Mandatory for Duke Medicine remote access Mandatory for access (coming!) Solve the “thick client” problem for SAP and Peoplesoft Test how we can accept an “MFA” attribute from federation partners for shib logins.