Versions Compared

Old Version 10

changes.mady.by.user Valerie Vogel

Saved on

compared with

New Version Current

changes.mady.by.user Valerie Vogel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Last reviewed: May July 2015

What Is Two-Factor Authentication?

...

Tip
titleAdditional Resources

View recent presentations on access control and identity and access management in the EDUCAUSE library. For example, Check out Breaking the Ubiquitous Two-Factor Barrier, presented by Jane Drews (University of Iowa and Quinn Shamblin (Boston University) at the 2015 Security Professionals Conference. For other recent presentations visit access control and identity and access management in the EDUCAUSE library. 

Learn more about Two-Factor Authentication with Duo Push by visiting the Internet2 NET+ website.

Also see Client (Personal) Certificates: Should We Be Thinking About Certificate Use Cases or Should We Be Thinking About The Sort of Credential Deployment Model We Need? (a presentation at the 2011 Internet2 Member Meeting) for questions to ponder when considering deployment of two-factor authentication.

...

See Mobile One-Time-Passwords (OTP) and Google Authenticator, and DuoSecurity for information on implementation of OTP via mobile phones. Additional implementation options include:

  • SMS push to a preregistered device
  • Photograph-the-barcode-on-your-device's screen
  • Answer a call made to the individual's mobil phone and hit a specified key

  • Biometric voice verification

    Section
    bordertrue
    Column
    width30%

    Advantages:

    • Since most users are already carrying smartphones, it may be perceived as an easier or more convinient convenient way to authenticate than using tokens or smart cards
    • Compatible with a large number of applications
    • Easy to use
    Column
    width30%

    Disadvantages:

    • Relatively new technology, not as mature but gaining acceptance
    • Some confusion exists regarding the levels of two-factor strength of DTMF tones (out of band) vs one-time-passwords (in band) vs SMS (either or) and vendor available options
    • The possibility of cell phone cloning or interception
    • There may be locations/situations in which the use of smartphones may not be viable or functional (airplanes? basements?) or may be too expensive (e.g., when travelling overseas and paying international rates/roaming rates)
    Column
    width30%

    Who Is Using It (this is just a sample list):

2. Security Tokens

...