Educause Security Discussion mailing list archives
Re: Two-Factor Authentication: Quick Poll
From: "Schumacher, Adam J." <adamschumacher () CREIGHTON EDU>
Date: Fri, 2 Mar 2012 23:12:00 +0000
We've used the Twilio (http://www.twilio.com/) API to send SMSes for 2 factor when resetting passwords, though not for actual authentication (yet). Since it is just an API, you could program it to do "anything" you want. You can also send/receive voice calls using their service. Rates are pretty low too. I think we started paying .03 per sms sent, and the price actually went down to .01. We also utilize them as an alerting mechanism in our monitoring environment. (we have an offsite monitoring system in case on-campus WAN connectivity is down). sha1( Adam Schumacher Information Security Engineer Creighton University Don't share your password with ANYONE, EVER. This means YOU! 402-280-2383 402-672-1732 ) = 1a72637cf94189654ab1a827520a5e41738f41b0
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thornton, Dallas Sent: Thursday, March 01, 2012 12:56 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Two-Factor Authentication: Quick Poll Has anyone implemented SMS-based second factor auth via mobile phones? If so, what software? Costs? We're evaluating various options for adding a second factor to a very geographically distributed and changing user base. Best, Dallas -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rich Graves Sent: Thursday, March 01, 2012 8:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Two-Factor Authentication: Quick Poll1 Is your campus using, or does it plan to use, Two-Factor authentication forits most privileged users (e.g., system administrators logging in remotely)? Followup discussion has made it clear that you need to define "remotely." If you define "remotely" as "from outside the campus or internal firewall boundary," yes, we are mostly there. For internal network access, passwords win, due to limitations mentioned by Joel and others. A GULP-like system is important regardless of the meaning of "remotely." We are also getting better at separating the everyday password (subject to phishing and malware) from privileged logons.2 Do you think you should?Yes.
Current thread:
- Re: Two-Factor Authentication: Quick Poll, (continued)
- Re: Two-Factor Authentication: Quick Poll Wayne S. Martin (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Bret Ingerman (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Miller,James R (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Benjamin Stein (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Bates, Cathy C - (cbates) (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Christopher Jones (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Hugh Burley (Feb 28)
- Re: Two-Factor Authentication: Quick Poll Rich Graves (Mar 01)
- Re: Two-Factor Authentication: Quick Poll Thornton, Dallas (Mar 01)
- Re: Two-Factor Authentication: Quick Poll Sarazen, Daniel (Mar 01)
- Re: Two-Factor Authentication: Quick Poll Schumacher, Adam J. (Mar 02)
- Re: Two-Factor Authentication: Quick Poll Thornton, Dallas (Mar 01)
- Re: Two-Factor Authentication: Quick Poll Joel Rosenblatt (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Bret Ingerman (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Joel Rosenblatt (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Bret Ingerman (Feb 27)
- Re: Two-Factor Authentication: Quick Poll Gary Flynn (Feb 28)
- Re: Two-Factor Authentication: Quick Poll Sarazen, Daniel (Feb 28)
- Re: Two-Factor Authentication: Quick Poll Joel Rosenblatt (Feb 28)
- Re: Two-Factor Authentication: Quick Poll Gary Flynn (Feb 28)
- Re: Two-Factor Authentication: Quick Poll Joel Rosenblatt (Feb 28)
- Re: Two-Factor Authentication: Quick Poll Chris Green (Feb 29)
- Re: Two-Factor Authentication: Quick Poll Bret Ingerman (Feb 27)