Recommendations for improving authentication for our online systems at Pace
Best Practices (at the time) for improving authentication

Published in: Technology

1. Recommendations for improving authentication for our online systems at Pace
2. Authentication practices in Higher Education - from bad to good
   - No authentication
   - Weak Passwords
   - Complex Passwords
   - Complex Passwords with frequent mandatory changes, depending on risk
   - Biometrics
   - Multi-Factor
   (listed from bad at the top to good at the bottom)
3. Current Pace Complex Password Rules
   - must not contain more than 3 consecutive characters of your first name, last name, or username
   - must be 8 or more characters long
   - must contain at least one character from three of these four categories:
     - UPPERcase characters (A, B, C, ...)
     - lowercase characters (a, b, c, ...)
     - numbers (1, 2, 3, ...)
     - special characters (! * + - / : ? _ # $)
   - (i.e. must have at least one uppercase letter, one lowercase letter, and one number)
   - must not be one that you have recently used (you cannot use one of your last 3 passwords)
   - cannot be changed more than once every 24 hours
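As an added illustration (not code from the slides or from Pace), the following Python checks a proposed password against the rules on this slide and reports every rule it breaks; the parameter constants, the helper names and the SHA-256 history comparison are assumptions made for the example.

```python
import hashlib

# Constructed parameters mirroring the rules listed on slide 3.
MIN_LENGTH = 8
SPECIALS = set("!*+-/:?_#$")
REQUIRED_CATEGORIES = 3      # at least one char from three of the four categories
HISTORY_DEPTH = 3            # may not reuse any of the last 3 passwords
MIN_CHANGE_INTERVAL_H = 24   # at most one change per 24 hours
MAX_NAME_RUN = 3             # no more than 3 consecutive chars of a name


def pw_hash(password):
    # Illustrative only: a production store uses a salted, slow hash
    # (bcrypt/argon2) and a constant-time comparison, never bare SHA-256.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def contains_name_run(password, name, max_run=MAX_NAME_RUN):
    """True if password shares more than max_run consecutive characters
    with name, compared case-insensitively (a run of 4 violates 'at most 3')."""
    p, n, run = password.lower(), name.lower(), max_run + 1
    return any(n[i:i + run] in p for i in range(len(n) - run + 1))


def category_count(password):
    """Number of the four character categories present in password."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    ])


def check_password(password, first, last, username,
                   prior_hashes=(), hours_since_change=None):
    """Return the list of violated rules; an empty list means the change is allowed.
    prior_hashes: pw_hash() of previous passwords, most recent first.
    hours_since_change: hours since the last change, or None if never changed."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("too_short")
    if category_count(password) < REQUIRED_CATEGORIES:
        violations.append("too_few_categories")
    if any(contains_name_run(password, n) for n in (first, last, username) if n):
        violations.append("contains_name")
    if pw_hash(password) in list(prior_hashes)[:HISTORY_DEPTH]:
        violations.append("recently_used")
    if hours_since_change is not None and hours_since_change < MIN_CHANGE_INTERVAL_H:
        violations.append("changed_within_24h")
    return violations
```

Returning every violated rule at once, rather than stopping at the first, lets the reset utility tell the user exactly what to fix.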
4. Some useful hints for selecting a password
   - Use the first letters of each word from a song, phrase, or quote and replace some letters with numbers. For example, "Mary had a little lamb whose fleece was white as snow!" would become Mha11wfwwa5! (substituting 1 for l and 5 for s). Include punctuation for a more secure password (only use the allowed special characters, which are ! % * + - / : ? _).
   - Try to make the password as long as possible. The longer the password, the harder it is to crack or guess.
   - Do not write the password down and place it on your desk!
5. What some other universities are doing about authentication…
   Enforced password resets occur routinely at:
   - New York University—all users every 365 days
   - Hofstra University—all users every 180 days
   - New Jersey Institute of Technology—all users every 120 days
   - Cornell University—all users every 180 days
   - Seton Hall University—every 90 days for administrative systems
   - University of Maryland—all users every 180 days
   - Penn State—all users every 365 days
   - Columbia University—faculty/staff every 90 days for ERP
   - SUNY Purchase—faculty/staff every 90 days
   Note: Rutgers uses Multi-Factor for some ERP applications
6. Biometric Authentication in Higher Education (ECAR, Core Data Services, FY 2006, Chapter 4)
   In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. Examples include retinal scans, computer analysis of fingerprints or speech, or other physiological means of user identification for security purposes.
7. Multi-Factor (Two-Factor) Authentication
   - Refers to any authentication protocol that requires more than one form of authentication to access a system. This contrasts with traditional password authentication, which requires only one factor (knowledge of the password) in order to gain access to a system.
   - Three standard kinds of authentication factors are recognized: something you know (like a password or PIN), something you have (like a credit card or cell phone), or something you are (like a fingerprint, a retinal pattern, or other biometrics).
8. Multi-Factor Authentication in Higher Education (ECAR, Core Data Services, FY 2006, Chapter 4)
9. How to change your password
   - go to Pace's Password Reset Utility (PRU) located at http://pru.pace.edu
   - select "Click here" at the top of the page for guidelines and help when choosing a complex password
   - review these guidelines and then select "Click here" to return to the PRU homepage
   - change your password by selecting "Change your password" and following the prompts
10. Recommendation
   - We should have the technical ability to assign risk categories to various classes of users in February, 2008.
   - Once we have this capability, we should publish and enforce guidelines that ask those with the highest access rights to change their passwords more often than those with fewer access rights.
   - We should continue to investigate Biometrics and Multi-factor for specific user groups.
11. Questions?
   More information is available from the Division of Information Technology:
   - phone: 914-773-3648
   - via web: http://doithelpdesk.pace.edu
   [email_address], 914-923-2658
