Skip to Content.
Sympa Menu

announce - [InCommon] Two-Factor Authentication Ahead for Federation Manager

Subject: News and information about InCommon Academy offerings

List archive

[InCommon] Two-Factor Authentication Ahead for Federation Manager


Chronological Thread 
  • From: Dean Woodbeck <>
  • To:
  • Subject: [InCommon] Two-Factor Authentication Ahead for Federation Manager
  • Date: Wed, 2 May 2012 15:42:24 -0400

InCommon is introducing two-factor authentication to protect the Federation Manager, the application site administrators use to update their organization’s metadata. This data is critical to establishing the trust backbone of the InCommon Federation. Although the current login system requires the use of strong passwords, adding two-factor authentication will substantially increase account security. [1] This is in response to a risk assessment of the Federation Manager undertaken by the InCommon TAC. [2]

InCommon chose Duo Security’s two-factor authentication technology [3] because it leverages mobile phones, devices almost all users already have. To authenticate, a user first types a password and then confirms the login attempt with the Duo Mobile smartphone app. After confirming the login attempt, the user is authenticated. Duo also supports second-factor delivery via text message, phone call, and one-time password tokens.

InCommon Registration Authority administrators are already using Duo two-factor authentication to log into the Federation Manager. Site administrators will begin logging in with a second factor in June. The transition to Duo two-factor is expected to continue throughout the summer. More information about Duo Security is at www.duosecurity.com.





  • [InCommon] Two-Factor Authentication Ahead for Federation Manager, Dean Woodbeck, 05/02/2012

Archive powered by MHonArc 2.6.16.

Top of Page