Educause Security Discussion mailing list archives
Re: Two-factor Authentication
From: Josh Drummond <jdrummon () UCI EDU>
Date: Tue, 15 Jan 2013 18:45:17 -0800
I looked into the possibilities of two-factor authentication being implemented with Google Authenticator / OATH protocols recently too. It is simple to configure on a single machine, using an open standard, and its free, who can beat that. But then I started thinking about enterprise wide deployment and how it compares with <insert vendor here>. It is missing the infrastructure that you'd have to build yourself (or would make a great separate open source application I have yet to find) for centrally managing identities, provisioning them to a system, giving users a web based interface to install the seed or QR code onto their mobile device, activate/deactivate/regenerate the Google authenticator "backup codes", and then provision those out to the endpoints, etc. Of course all of the Google services have this under the umbrella of the account security options, but that can't be reused for your systems. In short, a lot of the pieces are there, it would be interesting to see it fully baked in an enterprise environment.
Thanks, ~Josh On 1/15/13 3:45 PM, Drew Perry wrote:
We are in the process of implementing Google Authenticator for 2-factor authentication in both SSH and VDI authentication. A big reason for choosing Google was, as a Google Apps for Education user, we were already using it for email auth. And secondly, it's free. That being said we have not finished implementation, so I may have more thoughts at week's end.Sent from my phone. Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu <mailto:aperry () murraystate edu>On Jan 15, 2013 4:54 PM, "JR Ramirez" <jrramirez30 () gmail com <mailto:jrramirez30 () gmail com>> wrote:We currently use SafeNet SafeWord to provide stand-alone RADIUS authentication for our PCI environment (we are planning to integrate with our AD). We currently use Citrix as the front-end web piece; our Network Team also tie in their PCI network devices. SafeNet is in the top quadrant on the Gartner scale and works fairly well for us -- they have soft token apps for Blackberry and iPhone (not sure about Android). JR On Tue, Jan 15, 2013 at 3:25 PM, Wright, A J (A. J.) <ajw () tennessee edu <mailto:ajw () tennessee edu>> wrote: Obviously, we first prioritized moving our SAQ-D systems to less risky processes that don’t require MFA. For the ones that were left, we’ve used Duo Security’s MFA solution. It has been pretty painless: inexpensive, easy to manage, and it does what it says on the tin. I like it enough that we’re considering implementing it elsewhere. Countdown to the Duo sales call … ajw -- *A. J. Wright *Chief Information Security Officer University of Tennessee – System Administration 2309 Kingston Pike, Suite 131C Knoxville, TN 37996-1717 Phone: 865-974-0637 <tel:865-974-0637> Email: ajw () tennessee edu <mailto:ajw () tennessee edu> *From:*The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>] *On Behalf Of *McClenon, Brady *Sent:* Tuesday, January 15, 2013 1:42 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> *Subject:* [SECURITY] Two-factor Authentication I’m wondering if anyone is willing to share what methods/products their institution is using to facilitate two-factor authentication for PCI-DSS compliance, or I suppose even if your usage has nothing to do with PCI. Brady McClenon Senior Server Administrator Applications Research & Development Information Technology Services SUNY College at Oneonta 607-436-3203 <tel:607-436-3203> “Quotes found on the internet are not always accurate.” - Abraham Lincoln
-- *Josh Drummond* Manager - IT Security & Architecture Office of Information Technology University of California, Irvine Email: jdrummon () uci edu <mailto:jdrummon () uci edu> Phone: 949.824.9574
Current thread:
- Two-factor Authentication McClenon, Brady (Jan 15)
- Re: Two-factor Authentication Wright, A J (A. J.) (Jan 15)
- Re: Two-factor Authentication JR Ramirez (Jan 15)
- Re: Two-factor Authentication Drew Perry (Jan 15)
- Re: Two-factor Authentication Josh Drummond (Jan 15)
- Re: Two-factor Authentication JR Ramirez (Jan 15)
- Re: Two-factor Authentication Wright, A J (A. J.) (Jan 15)
- Re: Two-factor Authentication Doug Markiewicz (Jan 16)