Two-Step Authentication Implementation for Enhanced Security

 
Two-Step Authentication

Michael Alberhasky - ITS:AIS
 
Why? Why? Why?
 
Phishing attacks against Employee Self-Service in Fall 2013
Attackers quickly adjusted to prompts for last four digits of SSN
SSN is an awful second factor
Critical pieces of Self-Service disabled for off-campus access
 
Duo Security
 
Duo provides SaaS for two-step authentication for various integrations
Multiple ways to get second factor
Used by other Big10/CIC schools
Pilot was already underway by ITSO
Internet2 consortium had an existing license agreement with Duo
 
How does it work?
 
For the HawkId login service, we use the Duo Web integration.
 
Enrollment Tool
 
Duo’s enrollment mechanism wasn’t viable for our campus - no way for a user to change registered devices
Initial pilot users had to rely on ITSO to make changes to their registered devices
Duo has pretty good APIs to facilitate creating your own enrollment tool
Needed something dead simple
 
What does it do?
 
Allows a user to register one or more devices (SMS, voice, Duo Push)
Enable/disable Two-Step (2FA) requirement upon login to apps requiring 2FA
Generate offline backup codes
See setup history
Provide an API to the Help Desk
Synchronize accounts/devices with Duo
 
Stack
 
Play Framework 1.2.7
Oracle
Bootstrap 3.x
Duo’s Java client library
Swagger for API documentation
 
 
Demo
 
 
Stats
 
Enrollment tool launched to all of campus on May 12
3,246 employees have set up Two-Step auth
89 have turned it off after completing setup
157,000+ successful logins

[Figure: Device type]
 
Questions??
 
Michael Alberhasky
michael-alberhasky@uiowa.edu
 

Learn about the implementation of two-step authentication at a university to combat phishing attacks and enhance security. Discover how Duo Security was used to provide a seamless two-step authentication solution, the challenges faced during the enrollment tool setup, and the successful implementation statistics. Contact Michael Alberhasky for any inquiries.


Uploaded on Jul 25, 2024 | 1 Views

