Enhancing Security with Multi-Factor Authentication in IAM

Slide Note
Embed
Share

Multi-Factor Authentication (MFA) is crucial for protecting sensitive accounts, online infrastructure, and research data within Identity and Access Management (IAM) systems. MFA adds an extra layer of security by requiring additional verification factors like one-time passcodes and recovery codes. Users and administrators can customize MFA settings, enabling secure access control and reducing the risk of unauthorized account access.

elspeth
elspeth Follow

Uploaded on Jul 23, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Multi-factor Authentication for the IAM Sam Glendenning STFC

  2. What is MFA? Providing an additional login factor to verify your identity One-time usage passcode or hyperlink Why so important? Login credentials alone may not be enough for account security The IAM protects: Sensitive accounts Important online infrastructure Sensitive research data

  3. Objectives for MFA in the IAM Easily enabled on any new or existing IAM instantiation Customisable by an IAM admin based on wants and needs Safe and secure Adoptable by everyone

  4. Workflow Individual users may decide whether or not they want MFA to be enabled on their account However, an IAM administrator may enforce MFA on all of their user accounts if they wish Once implemented, users will enable MFA in their account settings They can then control their MFA settings through their account settings page

  5. Multi-factor secret key MFA will initially be available through the use of an authenticator app for mobile devices Examples include Google Authenticator, Microsoft Authenticator, Authy, etc. These apps allow for a QR code containing an MFA secret (plus additional account details) to be scanned and imported through the device s camera (alternatively, the user can manually enter this information) This secret can then be used by the app to generate time-based one-time passwords every 30 seconds The IAM also possesses this secret so both the user s app and IAM generate the same passwords at the same time Thus, this can be used for verification of the user

  6. Recovery codes To prevent account lockout in the event of the user losing access to their mobile device, emergency scratch codes are generated for the user s account These are single-use passwords used in conjunction with the main account password to restore access They are regenerated when used and can be regenerated whenever the user wishes Scratch codes can be viewed at any time in the account settings

  7. Information Security Multi-factor secrets and emergency scratch codes are stored in a secure database All sensitive information is hashed and/or encrypted to a high standard Users have control over their multi-factor settings Can enable/disable MFA as they please (if their federation allows it) Can regenerate scratch codes at their leisure Accounts will be locked after a number of failed attempts Step up authentication - prompt for another one-time passcode if performing certain actions

  8. Current progress I am the primary developer implementing multi-factor authentication to the IAM. Main work so far is a basic prototype of a user login system using multi-factor authentication and scratch codes Java Spring Boot framework (highly customisable and flexible) Entirely localised authentication (no need for external APIs for code verification or QR code generation) MFA using a soft token through an authenticator app Accounts can choose to enable or disable MFA This can then be implemented into the IAM codebase

  9. Targets (not necessarily in this order) Implement prototype work into IAM codebase Solution needs to be flexible to allow: Expansion of supported factors of authentication (email, YubiKey, WebAuthn, etc.) Individual identity providers to customise their MFA setup (if they choose to enable MFA at all) Analyse solution for security flaws and carry out risk assessments Document and test Communicate with end users to gather thoughts and feedback Release in a few months

  10. Questions? Facebook: Science and Technology Facilities Council Twitter:@STFC_matters YouTube: Science and Technology Facilities Council

Related


Understanding Blood Clotting Factors in the Human Body

Understanding Blood Clotting Factors in the Human Body

matilda
Update on Computing and IAM Service Developments in WLCG/HSF Workshop

Update on Computing and IAM Service Developments in WLCG/HSF Workshop

amon
Guide to Setting Up EU Login and Two-Factor Authentication

Guide to Setting Up EU Login and Two-Factor Authentication

wolfgang
Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

Enhancing Security with Two-Factor Authentication in Funding & Tenders Portal

torquil
Enhancing Security with Multi-Factor Authentication for NHS Mail Users

Enhancing Security with Multi-Factor Authentication for NHS Mail Users

bernice
UTORMFA: Enhancing Security with Multi-Factor Authentication at University of Toronto

UTORMFA: Enhancing Security with Multi-Factor Authentication at University of Toronto

alexa
Importance of Multi-Factor Authentication in Ensuring Data Security

Importance of Multi-Factor Authentication in Ensuring Data Security

merle
Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report

harri
Two-Step Authentication Implementation for Enhanced Security

Two-Step Authentication Implementation for Enhanced Security

lumina
IGX Orientation 2023: Logging In, Two-Factor Authentication, Dashboard Setup

IGX Orientation 2023: Logging In, Two-Factor Authentication, Dashboard Setup

astoria
Understanding Spearman's Two-Factor Theory

Understanding Spearman's Two-Factor Theory

wilhelmina
Implementing 2FA for UW Azure AD: Best Practices and Options

Implementing 2FA for UW Azure AD: Best Practices and Options

adlai
2022 Thales Access Management Index

2022 Thales Access Management Index

star
WFDSS Login Changes and New authentication Process Overview

WFDSS Login Changes and New authentication Process Overview

bandit
Theories of Intelligence: Monarchie vs. Spearman's Two-Factor Theory

Theories of Intelligence: Monarchie vs. Spearman's Two-Factor Theory

celine
Understanding the Concept of Return to Factor in Production Economics

Understanding the Concept of Return to Factor in Production Economics

danae
BCA 601(N): Computer Network Security

BCA 601(N): Computer Network Security

danna
Understanding Transport Layer Security (TLS)

Understanding Transport Layer Security (TLS)

amabel
IEEE 802.11-20/0772r2 Multi-Link Elements Overview

IEEE 802.11-20/0772r2 Multi-Link Elements Overview

brantley
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
O3 Access Control Solution Overview

O3 Access Control Solution Overview

mani
Challenges in DUNE Computing: Addressing Authentication and Authorization Needs

Challenges in DUNE Computing: Addressing Authentication and Authorization Needs

novalee
Security and Privacy in 3G/4G/5G Networks: The AKA Protocol

Security and Privacy in 3G/4G/5G Networks: The AKA Protocol

muey769
Completed Initiatives of California LifeLine Customer Portal

Completed Initiatives of California LifeLine Customer Portal

ocean

More Related Content

IEEE 802.11-23/1980r1 Coordinated AP-assisted Medium Synchronization Recovery
IEEE 802.11-23/1980r1 Coordinated AP-assisted Medium Synchronization Recovery
Understanding the Roles of a Security Partner
Understanding the Roles of a Security Partner
Artificial Intelligence in Cyber Security: Enhancing Threat Detection and Response
Artificial Intelligence in Cyber Security: Enhancing Threat Detection and Response
Overcoming the UX Challenges Faced by FIDO Credentials in the Faced by FIDO Credentials in the Consumer Space
Overcoming the UX Challenges Faced by FIDO Credentials in the Faced by FIDO Credentials in the Consumer Space
Understanding Factorial Designs in Experiments
Understanding Factorial Designs in Experiments
Insights into Theories and Definitions of Intelligence
Insights into Theories and Definitions of Intelligence
Investment Responses to Biophysical Climate Impacts on Water, Energy, and Land in SDGs and Climate Policies
Investment Responses to Biophysical Climate Impacts on Water, Energy, and Land in SDGs and Climate Policies
Information Security and Machine-Level Security Concepts
Information Security and Machine-Level Security Concepts
Overview of Computer and Network Security Fundamentals
Overview of Computer and Network Security Fundamentals
Understanding IoT Security Standards and Protocols
Understanding IoT Security Standards and Protocols
Understanding Modern Phishing Techniques and Evilginx Framework
Understanding Modern Phishing Techniques and Evilginx Framework
Vendor Invoicing Process Overview
Vendor Invoicing Process Overview
Cybersecurity Best Practices for Password Protection and Incident Response
Cybersecurity Best Practices for Password Protection and Incident Response
Business Email Compromise (BEC) Overview
Business Email Compromise (BEC) Overview
Marshall University School of Medicine IT Resources & Services Overview
Marshall University School of Medicine IT Resources & Services Overview
DIT Demo Remote Access Guidelines for Working from Home
DIT Demo Remote Access Guidelines for Working from Home
Enhancing Rail Security in the European Union
Enhancing Rail Security in the European Union
Understanding Multi-AP Operation in IEEE 802.11-20-0617/r3
Understanding Multi-AP Operation in IEEE 802.11-20-0617/r3
IEEE 802.11-2020 Multi-Link Reference Model Discussion
IEEE 802.11-2020 Multi-Link Reference Model Discussion
Understanding Multi-Band Multi-Channel Concept in IEEE 802.11be
Understanding Multi-Band Multi-Channel Concept in IEEE 802.11be
Proposal for Enhancing Security in RRC Connection Setup Procedure
Proposal for Enhancing Security in RRC Connection Setup Procedure
Enhancing Online Exams Security with AI Proctoring Solutions
Enhancing Online Exams Security with AI Proctoring Solutions
Central Public Procurement Portal (CPPP) Overview and Advantages
Central Public Procurement Portal (CPPP) Overview and Advantages
IT Support Procedures for Joint Department of Biomedical Engineering at UNC and NCSU
IT Support Procedures for Joint Department of Biomedical Engineering at UNC and NCSU