Multi-Factor Authentication (MFA)

Similar documents
Take Control of Your Passwords

2 Factor Authentication. By Ron Brown

Would you bet your business on the strength of every employee s password?

Lecture 14 Passwords and Authentication

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Enroll in Two factor Authentication - iphone

The State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington

Multi-Factor Authentication FAQs

Contents. Multi-Factor Authentication Overview. Available MFA Factors

The Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication

Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)

Using CSE Cisco Anyconnect with 2FA

Duo End User Education Templates

IAG Second Factor Delivery Methods

2- Factor Authentication. Another layer of security Ron Brown

Computer Security 4/12/19

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.

Getting Started New User. To begin, open the Multi-Factor Authentication Service in your inbox.

COMPUTING FUNDAMENTALS I

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Duo Enrollment for DA Employees

Pattern Recognition and Applications Lab AUTHENTICATION. Giorgio Giacinto.

1.1. HOW TO START? 1.2. ACCESS THE APP

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17

Sumy State University Department of Computer Science

Getting Started with Duo Security Two-Factor Authentication (2FA)

How to Build a Culture of Security

Authentication Options

Welcome. ScrogginsGrear clients. to Cybersecurity Education Series. Password Management & Public Wi-Fi Security

THE FUTURE IS DECENTRALIZED

Azure Multi-Factor Authentication: Who do you think you are?

Using MFA with the Pulse Client

Texas Division How to Login and Register for My IT Support and ServiceNow

Account Takeover: Why Payment Fraud Protection is Not Enough

Mobile Banking App Guide (ios and Android Apps) Mobile Banking App Guide (ios and Android)

Software Token Enrollment: SafeNet MobilePASS+ for Apple ios

Remote Access VPN Setup

Keep the Door Open for Users and Closed to Hackers

CNT4406/5412 Network Security

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

Google 2 factor authentication User Guide

Duo Security Enrollment Guide

QUICK NOTE: MULTI-FACTOR AUTHENTICATION

Cloud sicherung durch Adaptive Multi-factor Authentication

Have breaches declined since the massive Heartland Payments leak in 2008? What proportion of breaches are the result of hacking?

QUICK REFERENCE GUIDE. Managed Network Security Portal Multi-Factor Authentication

Welcome. Password Management & Public Wi-Fi Security. Hosted by: Content by:

Remote Access with Imprivata Two-factor Authentication

ICE CLEAR EUROPE DMS GLOBAL ID CREATION USER GUIDE VERSION 1.0

Authentication Methods

Reducing Cyber Risk in Your Organization

QCon - New York. New York 18th June 2012 (June 18th for Americans)

Duo Multi-Factor Authentication Enrolling an iphone. Introduction. Enrolling an iphone

Duo Security Enrollment Guide

Duo Multi-Factor Authentication Enrolling an ipad. Introduction

SurePassID ServicePass User Guide. SurePassID Authentication Server 2017

Dissecting Data Breaches. What Keeps Going Wrong?

Implementing Multi-factor Authentication for Clinical Applications

Safety and Security. April 2015

Computer Security 3/20/18

Getting Started Accessing Okta All Employees

User Guide: Adding a Device in Duo and Managing Settings

LUCITY SECURITY. This manual covers managing users, groups, and permissions for Lucity. Version: 2017r2

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Merchant Toolkit. Multi-Factor Authentication

Authentication Technology for a Smart eid Infrastructure.

How to tell if you are being cyber stalked or hacked BCS, September 2017

Passwords. CS 166: Introduction to Computer Systems Security. 3/1/18 Passwords J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.

BOCHK Mobile Token FAQ

Mobile Banking User Guide

Enrolling Devices in Duo

BIDMC Multi-Factor Authentication Enrollment Guide Table of Contents

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

The of Passw0rds: Notes from the field

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

Remote Workspace. Nubo End User Guide. Version: 1.3 Date: June, Copyright 2017 by Nubo Inc. All rights reserved. Page 1

LinQ2FA. Helping You. Network. Direct Communication. Stay Fraud Free!

Duo Self-Enrollment Guide for Android Tablets

STEAM Clown Production. Passwords. STEAM Clown & Productions Copyright 2016 STEAM Clown. Page 1 - Cyber Security Class

Password & Tutorials Packet

THE END OF SURVEILLANCE

Bechtel Partner Access User Guide

Multifactor Authentication (MFA) Mobile Phone Registration

Employee Security Awareness Training

owncloud Android App Manual

Online Banking Initial Log In Instructions. Go to and enter your username: Ex JaneDoe

Two Factor Authentication

POPA MOBILE BANKING USER GUIDE

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

Authentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Jordan Levesque - Keeping your Business Secure

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

What FinAid offices need to know about cyberattacks. Presented by: Chris Chumley, COO at CampusLogic Thursday, March 31, EST

Multi-factor Authentication Instructions

Zimbra Collaboration Two-Factor Authentication

Mobile App User Guide

Cicayda Reprise Review Multi Factor Authentication (MFA) Administrative Tasks

Transcription:

10.10.18 1 Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018

10.10.18 2 Recent Password Hacks PlayStation Network (2011) 77 Million accounts hacked Adobe (2013) 38 Million accounts hacked Yahoo (2014) 3 Billion accounts hacked (that B is not a typo) Under Armour (2018) 150 Million accounts hacked

10.10.18 3 What can I do? You can t stop a data breach, but you can make your password less useful to hackers How? Use MFA if possible Even if someone gains access to your password, you might be protected

10.10.18 4 What is MFA? MFA (Multi-Factor Authentication)/ 2FA (Two-Factor Authentication) Uses multiple independent credentials What you know What you have What you are Creates redundancy One method fails, another to fall back on

10.10.18 5 Examples Log into website, receive one-time password via email or SMS Access VPN with password (e.g. vpn.bu.edu/2fa), answer prompt in DUO app on mobile device Access corporate network via USB device and password Enter high security facility with retina scan, and code

10.10.18 6 DUO etc. BU uses DUO to protect PII Many sites use SMS MFA Better option is to use app/ dedicated code generation device if possible

10.10.18 7 Downsides Inconvenient Extra time to log in Can t log in without device (dead battery/ forgot) Can cause issues with applications depending on implementation

10.10.18 8 How to defeat MFA? Social Engineering Physical access to MFA security device Hacked Cookies Unknown methods

10.10.18 9 Summary Very important to use especially on critical accounts (Google, Apple) Especially on accounts that are used for other MFA (email accounts etc.) Slight inconvenience is small price to pay for large increase in security Hackers go after the low-hanging fruit Go home and enable MFA on everything!

10.10.18 10 Questions?

sources: https://vigilante.pw/, SplashData Multi-Factor Authentication (MFA) Why does it matter? Hacks happen all the time. We unfortunately cannot control how third parties store our sensitive data, but using MFA, we can make our passwords less useful to hackers. What if copies of your house key were entrusted to a third party to keep safe? Wouldn t you want to install another type of lock that only you could get through? This is a good (basic) analogy of MFA. Hackers usually go after the low hanging fruit. Don t be an easy target. Largest hacks (> 50 million records) Entity Year Records Organization type Method Yahoo 2013 3,000,000,000 web hacked Yahoo 2014 500,000,000 web hacked Friend Finder Networks 2016 412,214,295 web poor security / hacked Massive American business hack 2012 160,000,000 financial hacked Adobe Systems 2013 152,000,000 tech hacked Under Armour 2018 150,000,000 Consumer Goods hacked ebay 2014 145,000,000 web hacked Equifax 2017 143,000,000 financial, credit reporting poor security Heartland 2009 130,000,000 financial hacked Rambler.ru 2012 98,167,935 web hacked TK / TJ Maxx 2007 94,000,000 retail hacked MyHeritage 2018 92,283,889 genealogy unknown AOL 2004 92,000,000 web inside job, hacked Anthem Inc. 2015 80,000,000 healthcare hacked Sony PlayStation Network 2011 77,000,000 gaming hacked JP Morgan Chase 2014 76,000,000 financial hacked National Archives and Records Administration 2009 76,000,000 military lost / stolen media Target Corporation 2014 70,000,000 retail hacked Tumblr 2013 65,469,298 web hacked Uber 2017 57,000,000 transport hacked Home Depot 2014 56,000,000 retail hacked Philippines Commission on Elections 2016 55,000,000 government hacked Facebook 2018 50,000,000 Social network Poor security Evernote 2013 50,000,000 web hacked Living Social 2013 50,000,000 web hacked Most common passwords (2017) 1. 123456 2. Password 3. 12345678 4. qwerty 5. 12345 6. 123456789 7. letmein 8. 1234567 9. football 10. iloveyou 11. admin 12. welcome 13. monkey 14. login 15. abc123 16. starwars 17. 123123 18. dragon 19. passw0rd 20. master 21. hello 22. freedom 23. whatever 24. qazwsx 25. trustno1

Multi-Factor Authentication (MFA) What is it? You might also hear of 2FA (Two-Factor Authentication) which is a subset of MFA MFA is an authentication method that uses multiple independent credentials What the user knows What the user has What the user is Adds another layer of security beyond username and password, which can be easily cracked, guessed, or hacked MFA has been around for many years, but is now starting to be common in the private sector What the user knows: Password PIN code Security questions What the user has: Security token One-Time password (OTP) ATM card ios/ Android app What the user is: Fingerprint Retina scan

Multi-Factor Authentication (MFA) Why should I use it? The standard username and password authentication method necessarily requires a database of stored passwords. If this is captured, it is only a matter of time before the database will fall. As computers get more and more powerful, cracking passwords gets easier and easier MFA creates redundancy. If your password is compromised due to poor strength or a hack, there is still a fallback It is very easy to set up How do we use it at BU? We use an MFA solution called DUO at BU DUO protects our sensitive systems BUWorks Our Mainframe Other sensitive data systems that contain PII DUO is easy to use: Can push notifications to DUO app (preferred) Can receive an SMS one-time passcode Can receive call to mobile or office phone Hackers go after the easy targets. Don t be one!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback