Problem
Password compromise and identity impersonation continue to be among the top information security threats on campus. Password-only authentication is no longer an effective control for verifying identity or enforcing access control, yet it is often the only protection in front of the university's high-value assets.
Solution
Implementing Duo multi-factor authentication sharply reduces the risk of password compromise and identity impersonation: when authenticating to a protected system the user must also enter a one-time passcode generated by a device only they possess (a smartphone app or a hardware token). Combining "something you know" (the password) with "something you have" (the Duo token) means an attacker needs not only the password but also that physical device, which is far harder to obtain than a password alone. The residual risk to plan for is a user who is tricked into supplying a live passcode to a phishing site in real time; that attack still needs the user's participation at the moment of login, whereas a leaked or reused password can be exploited at any time.
How?
- Identify the high-risk systems, or high-risk roles within those systems, for which multi-factor authentication should be enforced
  - Priority goes to roles with access to sensitive "restricted" data and to system-administrator roles
- Identify the users in those high-risk roles
  - If the system uses KSAMS for role-based access management, we can produce a report of current role membership
- Provision users with Duo tokens
  - OIT covers the user license cost, including the software token; if a user has no smartphone or wants a hardware token for any reason, their department is recharged the token cost (at most $25 each, purchased in increments of 5, typically lasting 5 years)
  - Duo Security Multi-Factor Authentication - UCI User Guide
- Configure applications/systems to enforce Duo multi-factor authentication
  - This is the programmer's or system administrator's responsibility; Duo integration is currently supported for native WebAuth (not Shibboleth yet), SSH, RDP, VPN/RADIUS, and LDAP authentication
  - Protecting Your System Using Duo Multi-Factor Authentication
  - Protecting Your Web Application Using WebAuth And Duo Multi-Factor Authentication
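The last step, enforcing Duo on a system, is where a misconfiguration quietly leaves the password-only path open. As an added example (not code from this page, from UCI OIT, or from Duo), the POSIX shell script below audits the three files an SSH integration with pam_duo depends on: sshd_config, /etc/pam.d/sshd and /etc/duo/pam_duo.conf. The directive names and values follow Duo's Unix integration; the demands that failmode be "secure" (fail closed when the Duo service is unreachable) and that pam_duo.conf be root-only mode 0600 (it holds the integration secret key) are this example's own stricter choices for restricted-data systems. File paths are arguments so the checks can run against staged copies, and the function names (has_directive, check_sshd_config, check_pam_sshd, check_pam_duo_conf, audit_duo_ssh) are the example's own.

```shell
#!/bin/sh
# Added example, not UCI OIT's or Duo's code: audit the files that an
# SSH + pam_duo deployment relies on. Each check prints its findings and
# returns the number of failures, so the script can gate a change.

# A directive counts only when it is not commented out. sshd keywords are
# case-insensitive, hence grep -i. $1 = file, $2 = keyword, $3 = required value
has_directive() {
  grep -Eiq "^[[:space:]]*$2[[:space:]]+$3[[:space:]]*$" "$1"
}

# sshd must demand a key AND a keyboard-interactive (PAM -> Duo) factor,
# hand the prompt to PAM, and (defence in depth) accept no bare password.
check_sshd_config() {        # $1 = path to sshd_config; returns failure count
  f="$1"; fails=0
  has_directive "$f" AuthenticationMethods 'publickey,keyboard-interactive' \
    || { echo "sshd_config: AuthenticationMethods must be publickey,keyboard-interactive"; fails=$((fails + 1)); }
  # OpenSSH 8.7+ spells this KbdInteractiveAuthentication; older releases use the ChallengeResponse name
  has_directive "$f" KbdInteractiveAuthentication yes || has_directive "$f" ChallengeResponseAuthentication yes \
    || { echo "sshd_config: keyboard-interactive (PAM) authentication is not enabled"; fails=$((fails + 1)); }
  has_directive "$f" UsePAM yes \
    || { echo "sshd_config: UsePAM must be yes for pam_duo to run"; fails=$((fails + 1)); }
  has_directive "$f" PasswordAuthentication no \
    || { echo "sshd_config: PasswordAuthentication must be no"; fails=$((fails + 1)); }
  return $fails
}

# /etc/pam.d/sshd must run pam_duo as a required auth module: pam_duo is what
# prompts for the second factor, so a commented-out entry silently downgrades
# the login to key-only.
check_pam_sshd() {           # $1 = path to pam.d/sshd; returns 0 or 1
  if grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^[:space:]]*pam_duo\.so' "$1"; then
    return 0
  fi
  echo "pam.d/sshd: no 'auth required ... pam_duo.so' line"
  return 1
}

# pam_duo.conf carries the integration secret (skey), so only root may read
# it. failmode=secure rejects logins while the Duo service is unreachable;
# the default 'safe' fails open, which is the wrong choice for restricted-data hosts.
check_pam_duo_conf() {       # $1 = path to pam_duo.conf; returns failure count
  f="$1"; fails=0
  mode=$(ls -l "$f" | cut -c1-10)
  [ "$mode" = "-rw-------" ] \
    || { echo "pam_duo.conf: permissions are $mode, expected -rw------- (skey is a secret)"; fails=$((fails + 1)); }
  for key in ikey skey host; do
    grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*[^[:space:]]" "$f" \
      || { echo "pam_duo.conf: $key is not set"; fails=$((fails + 1)); }
  done
  grep -Eq '^[[:space:]]*failmode[[:space:]]*=[[:space:]]*secure[[:space:]]*$' "$f" \
    || { echo "pam_duo.conf: failmode is not 'secure' (unset means fail-open 'safe')"; fails=$((fails + 1)); }
  return $fails
}

# Run all three checks; the exit status is the total number of findings.
audit_duo_ssh() {            # $1 sshd_config  $2 pam.d/sshd  $3 pam_duo.conf
  total=0
  check_sshd_config "$1"  || total=$((total + $?))
  check_pam_sshd "$2"     || total=$((total + $?))
  check_pam_duo_conf "$3" || total=$((total + $?))
  if [ "$total" -eq 0 ]; then echo "OK: Duo is enforced for SSH"; fi
  return $total
}

# Live host: sh duo_ssh_audit.sh /etc/ssh/sshd_config /etc/pam.d/sshd /etc/duo/pam_duo.conf
if [ "$#" -eq 3 ]; then
  audit_duo_ssh "$1" "$2" "$3"
fi
```

The script only inspects the files; on a live host, pair it with sshd -T, which prints the effective configuration (including any Match blocks that override the values above), and test the new login path from a second session before closing the one you are working in, because a broken PAM stack locks everyone out.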