Educause Security Discussion mailing list archives
Re: Two-Factor Authentication
From: David Curry <david.curry () NEWSCHOOL EDU>
Date: Thu, 5 Sep 2013 12:30:56 -0400
We have two-factor authentication enabled for our domain - in the sense that we allow individual users to turn it on, not that we require them to. Unfortunately, it doesn't work if you're using single sign-on, such as a CAS server, as we are. It's documented not to work, so it's not a bug, but it's unfortunate. So you (as a user) can set up the Google Authenticator for your GAE account, but if your domain is using single sign-on, you'll never actually be prompted to use the Authenticator to sign in. :-( -- *DAVID A. CURRY, CISSP* • DIRECTOR OF INFORMATION SECURITY *THE NEW SCHOOL* • 55 W. 13TH STREET • NEW YORK, NY 10011 +1 212 229-5300 x4728 • david.curry () newschool edu On Thu, Sep 5, 2013 at 12:26 PM, Dennis Bolton <bolton () oakland edu> wrote:
We too are seeing an increase in compromised Gmail accounts. With the compromise limited to the Gmail side (e.g. we have the credentials trying to be used against other services). We also have not yet turned on two-factor authentication for our Google Apps domain and would be hearing feedback. Dennis Bolton Network Security Analyst Oakland University 248-370-4803 bolton () oakland edu On Thu, Sep 5, 2013 at 12:15 PM, Peter Setlak <psetlak () colgate edu> wrote:All, We are being hit with a number of compromised student Gmail accounts. We have not yet turned on two-factor authentication for our Google Apps domain. Has anyone here enabled this feature? Did users take to it? Was it mandatory or optional? How extensive was your campaign and communications to end-users? Were there major caveats, issues, etc? Has anyone implemented other solutions to combat this (or similar) issues? -- Thank you, Peter J. Setlak Managing Director, Networks, Systems & Operations Network Security Analyst, GSEC, GLEG Colgate University --- psetlak () colgate edu (315) 228-7151 Case-Geyer 180H (NSO Suite) skype: petersetlak Think *Green!* Please consider the environment before printing this email. *Engage with Colgate University: * News blog <http://blogs.colgate.edu/>, Twitter<https://twitter.com/#%21/colgateuniv> , Facebook <https://www.facebook.com/colgateuniversity>, Google+<https://plus.google.com/u/0/b/113333907606560373469/> , Delicious <http://www.delicious.com/colgatenewsmakers>, YouTube<http://www.youtube.com/cuatchannel13> , Flickr <http://www.flickr.com/photos/colgateuniversity/>, Pinterest<http://pinterest.com/colgateuniv/> , LinkedIn <http://www.linkedin.com/company/colgate-university/>-- Dennis Bolton Network Security Analyst Oakland University 2200 N Squirrel Road Rochester MI 48309 248-370-4803
Current thread:
- Two-Factor Authentication Peter Setlak (Sep 05)
- Re: Two-Factor Authentication Dennis Bolton (Sep 05)
- Re: Two-Factor Authentication David Curry (Sep 05)
- Re: Two-Factor Authentication Harry Hoffman (Sep 05)
- Re: Two-Factor Authentication Peter Setlak (Sep 05)
- Re: Two-Factor Authentication William G. Thompson, Jr. (Sep 09)
- Re: Two-Factor Authentication David Curry (Sep 05)
- Re: Two-Factor Authentication Dennis Bolton (Sep 05)
- Re: Two-Factor Authentication David Escalante (Sep 05)