Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Two-Factor Authentication: Quick Poll

From: "Thornton, Dallas" <dallas () SDSC EDU>
Date: Thu, 1 Mar 2012 18:55:45 +0000
Has anyone implemented SMS-based second factor auth via mobile phones? If so, what software? Costs? We're evaluating 
various options for adding a second factor to a very geographically distributed and changing user base. 

Best,

Dallas


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rich 
Graves
Sent: Thursday, March 01, 2012 8:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Two-Factor Authentication: Quick Poll


1 Is your campus using, or does it plan to use, Two-Factor authentication for its most privileged users (e.g., system 
administrators logging in remotely)? 


Followup discussion has made it clear that you need to define "remotely."

If you define "remotely" as "from outside the campus or internal firewall boundary," yes, we are mostly there.

For internal network access, passwords win, due to limitations mentioned by Joel and others.

A GULP-like system is important regardless of the meaning of "remotely." We are also getting better at separating the 
everyday password (subject to phishing and malware) from privileged logons.


2 Do you think you should? 


Yes.
Previous By Date Next
Previous By Thread Next

Current thread: