assurance - RE: [Assurance] silver and two-factor ...
Subject: Assurance
List archive
- From: "Dunker, Mary" <>
- To: "''" <>
- Subject: RE: [Assurance] silver and two-factor ...
- Date: Tue, 13 Mar 2012 14:18:04 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
One of Virginia Tech's drivers for submitting 2-factor for Silver
certification is that our hardware token-issuing process already includes
rigorous face-to-face identity proofing and verification procedures. In
contrast, our IDs and passwords are issued via self-service, with
identity-proofing that would be more difficult to audit.
Mary
-----------------------------------------------------------------
Mary Dunker
Director, Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
540-231-9327
--------------------------------------------------------------------
-----Original Message-----
From:
[mailto:]
On Behalf Of Frazier, William S [ITSYS]
Sent: Tuesday, March 13, 2012 2:03 PM
To:
Subject: Re: [Assurance] silver and two-factor ...
Perhaps the two-factor and silver interests are not always related except by
coincidence. Silver assurance is needed because an affiliation requires it.
At the same time, multi-factor is needed because auditors are pushing for it.
Bill
------------------------------------------------------------------
Bill Frazier
Unix OS, Apps, Evolving Technologies Lead voice: (515) 294-8620
Iowa State University fax: (515) 294-1717
Information Technology Services, 251 Durham, Ames, Iowa 50011-2251
On 3/13/12 12:48 PM, "Jones, Mark B"
<>
wrote:
>By adopting the Silver assurance level my assumption is that password
>based authentication, despite any flaws, is deemed good enough for the
>applications/services leveraging it.
>
>Perhaps the interest in two-factor is actually an indication of the
>need for Gold assurance?
>
>-----Original Message-----
>From:
>
>[mailto:]
> On Behalf Of Caskey, Paul
>Sent: Tuesday, March 13, 2012 11:55 AM
>To:
>
>Subject: RE: [Assurance] silver and two-factor ...
>
>IMHO, and as someone said on a list a week or two ago, there is no such
>thing as a strong password when all an attacker has to do is ask a user
>for their password and, all too often, get it. So, for us, that's why
>we are looking at 2 factor.
>
>That said, I'm sure someone is already working on a new crafty spam
>mail "Please mail me your 2nd factor token and PIN and I will then wire you
>$10 million from this Nigerian prince...". :)
>
>
>
>
>> -----Original Message-----
>> From:
>>
>> [
>> ]
>> On Behalf Of Steven Carmody
>> Sent: Tuesday, March 13, 2012 11:48 AM
>> To:
>>
>> Subject: [Assurance] silver and two-factor ...
>>
>> I'm wondering why so many sites that are interested in Silver are so
>> interested in two-factor....
>>
>> I haven't looked at the Silver profile in a long time. But, my memory
>>is that strong passwords, stored sufficiently securely, and not
>>replicated into uncontrolled environments (eg google), would pass
>>muster with Silver.
>>I'm
>> assuming, of course, that the other Silver criteria (eg around
>>identity proofing, account claiming, etc) would also be met.
>>
>> I can imagine that there may be issues with those passwords passing
>>through a variety of systems (eg systems that are then authenticating
>>users against a central ldap, for instance). But, that's just a guess
>>-- I would be interested in hearing about specific concerns that are
>>driving sites toward two-factor.
>>
>> Thanks for any light you can shine on this!
- [Assurance] silver and two-factor ..., Steven Carmody, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Caskey, Paul, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Dunker, Mary, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Farmer, Jacob, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/14/2012
- RE: [Assurance] silver and two-factor ..., David Walker, 03/14/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- RE: [Assurance] silver and two-factor ..., David Walker, 03/14/2012
Archive powered by MHonArc 2.6.16.