Multi-Factor Authentication Core User Policy and Procedures



Similar documents
One-Time Password Contingency Access Process

A brief on Two-Factor Authentication

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control

Multi-Factor Authentication (MFA)

Enhancing Web Application Security

Guide to Evaluating Multi-Factor Authentication Solutions

Trust Elevation Using Risk-Based Multifactor Authentication. Cathy Tilton

Improving Online Security with Strong, Personalized User Authentication

AUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes

Business Online Banking Quick Users Guide

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Two-Factor Authentication User FAQ s

Quick Start Guide. TELUS Business Connect

NetIQ Advanced Authentication Framework - Smartphone Applications

Welcome Guide for MP-1 Token for Microsoft Windows

Multi-Factor Authentication of Online Transactions

How Secure is your Authentication Technology?

SYSPRO App Store: Registration Guide

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

These Frequently Asked Questions include information about both the Remote Identity Proofing (RIDP) and

STRONGER AUTHENTICATION for CA SiteMinder

Spectrum Health Virtual Desktop (VDI) (available only to select users at this time)

Self Service Portal and 2FA User Guide

Provider OnLine. Log-In Guide

French Justice Portal. Authentication methods and technologies. Page n 1

Authentication Levels. White Paper April 23, 2014

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Strong Authentication for Secure VPN Access

mbank Introduces Personal Security Image MFA* for Consumer on-line banking *Multi-Factor Authentication

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Multi-factor authentication

NetIQ Advanced Authentication Framework

QUT PRINTING SERVICES. Printing from your laptop. Connect your laptop to the student print queue

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

IDRBT Working Paper No. 11 Authentication factors for Internet banking

Dynamic Query Updation for User Authentication in cloud Environment

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Security Upgrade FAQs

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

Adding Stronger Authentication to your Portal and Cloud Apps

Cybersecurity Practices of Ohio Investment Advisers; A Summary of Survey Responses

Two Factor Authentication and PKI Token (for Windows)

MULTI-FACTOR AUTHENTICATION SET-UP

Flexible Identity. OTP software tokens guide. Multi-Factor Authentication. version 1.0

Manual Configuration Instructions

ADDING STRONGER AUTHENTICATION for VPN Access Control

Advanced Authentication Methods: Software vs. Hardware

Receiving Secure from Citi For External Customers and Business Partners

Single Sign-on Frequently Asked Questions

End-User Manual. for. e-pramaan: A National e-authentication Service. Submitted to

Tranform Multi-Factor Authentication from "Something You Have" to "Something You Already Have"

Flexible Identity. Tokenless authenticators guide. Multi-Factor Authentication. version 1.0

Moving to Multi-factor Authentication. Kevin Unthank

2 FACTOR + 2. Authentication WAY

How To Set Up Hopkins Wireless On Windows 7 On A Pc Or Mac Or Ipad (For A Laptop) On A Network Card (For Windows 7) On Your Computer Or Ipa (For Mac Or Mac) On An Ipa Or

Two Factor Authentication - USER GUIDE

Self-Service, Anywhere

Authentication Tokens

Voice Authentication On-Demand: Your Voice as Your Key

How to Use Remote Access Using Internet Explorer

Enhanced Login Security Frequently Asked Questions

VASCO: Compliant Digital Identity Protection for Healthcare

300% increase 280 MILLION 65% re-use passwords $22 per helpdesk call Passwords can no longer protect you

Multi-Factor Authentication FAQs

Business Banking Customer Login Experience for Enhanced Login Security

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

NASDAQ Web Security Entitlement Installation Guide November 13, 2007

Security Upgrade FAQs

Using RD Gateway with Azure Multifactor Authentication

Software Token Security & Provisioning: Innovation Galore!

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication

Executive Summary P 1. ActivIdentity

Two-Factor Authentication (2FA) Registration Instructions Symantec VIP Access

Johns Hopkins

WHITE PAPER Usher Mobile Identity Platform

Establishing two-factor authentication with Cyberoam UTM appliances and HOTPin authentication server from Celestix Networks

SECUREAUTH IDP AND OFFICE 365

2 factor + 2. Authentication. way

The Initial Registration Process. During the initial registration process, this guide assumes the user has been provided a login ID.

Entrust IdentityGuard

General tips for increasing the security of using First Investment Bank's internet banking

Enhanced Security for Online Banking

Multi-Factor Authentication for your Analytics Implementation. Siamak Ziraknejad VP, Product Management

BlackShield Authentication Service

Cash Management 5.0 User Guide

White Paper. Authentication and Access Control - The Cornerstone of Information Security. Vinay Purohit September Trianz 2008 White Paper Page 1

Establishing two-factor authentication with Barracuda NG Firewall and HOTPin authentication server from Celestix Networks

Law School Computing Services User Memo

Business Mobile Banking

Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model

The Security Behind Sticky Password

SafeWord Domain Login Agent Step-by-Step Guide

Caldwell Community College and Technical Institute

Transcription:

Multi-Factor Authentication Core User Policy and Procedures Core Users with access to other people s sensitive or restrictive information must use one-time passwords (OTP) generated from approved fobs or smartphone OTP apps in addition to their campus credentials to access UW System common systems that require multi-factor authentication. This document specifies Core User responsibilities and procedures when using these fobs or smartphones. It is organized in these sections: 1. Policy 2. Procedure/Processes 3. Background Information 4. Definitions 5. Authorization Form Policy 1. All Core Users must use the generated OTPs from approved fobs or smartphone OTP apps as second factor in addition to their campus credential to authenticate to UW System common systems that require multi-factor authentication. 2. Devices that are used to generate OTP cannot be used to authenticate to UW System common systems that require multi-factor authentication. As such, tablets, desktops and other large screen devices are not allowed. 3. Users who only have the following access are excluded from the multi-factor authentication effort: a. Manager self-service for Time and Labor/Absence Management b. Employee self-service for time reporting c. Talent Acquisition Management d. ebenefits Procedure/Processes Every Core User must choose to use either fob or smartphone as the OTP device, but not both. Both fob and smartphone OTP app will be supported by UW Digital ID. If a Core User chooses to use a smartphone to generate OTP, he/she is responsible for providing his/her personal smartphone or a State-issued smartphone (if a user already has state issued smartphone). The UW-System will not issue smartphones just for Core Users to use as multi-factor authentication devices. UW-System is not responsible for the cost of repairing or replacing the personal smartphones that are used as OTP devices or for the data plan. October 9, 2013 Page 1 of 6

1. Device Options Each Core User can choose a fob or a smartphone based on their work/life style and preference. It is a personal choice. a. Fob: i. How to use it? 1. Each fob comes with a hole on the device for key ring. 2. A Core User will need to press a button on the fob to generate an OTP ii. Pros: 1. Fobs are free of charge for Core Users. 2. Fobs are State-issued devices; therefore, if there are issues with fobs, Core Users can seek help from their campus Local Registration Authorities (LRAs). iii. Cons: 1. The fob is an additional device that Core Users have to remember to carry if they need to authenticate to UW System common systems that require strong authentication. iv. Fob User Responsibilities: 1. Core Users are expected to return their fobs to their campus LRA when they terminate their affiliation with UW-System. 2. Core Users are expected to return their fobs to their campus LRA when they no longer have Core User roles to any of the UW System common systems that require multi-factor authentication. 3. Currently Core Users will not be charged for lost fobs. However, this policy may be changed in the future. Core Users must take reasonable care for the fobs that are assigned to them. Reasonable care includes, but is not limited to: a. Not putting their fobs through washers or under the water on purpose. These fobs are not water resistant. b. Protecting from loss or theft c. The Core Users are expected not to store their OTP fobs in the same office or near a computer used to access the HRS. d. The Core Users are expected not to transport their OTP fobs in the same bags as laptops that are used to access the HRS. OR October 9, 2013 Page 2 of 6

b. Smartphone i. How to use it: 1. Core User must install an OTP app from Symantec (https://kb.wisc.edu/page.php?id=33897). 2. Core Users use the installed OTP app to generate OTP. ii. Pros: 1. Smartphone Core Users do not have additional devices such as fobs to remember to carry with them in order to authenticate to UW System common systems that require strong authentication. 2. The usage of OTP app is free of charge to Core Users. iii. Cons: 1. Depending on user s smartphone contract, there may be a fee associated with using the internet to download the OTP app initially. 2. UW Digital ID only supports the OTP app, not the smartphone itself. Core Users are responsible for making sure that their smartphones are in working condition. iv. Smartphone User responsibilities 1. Core Users are expected to leverage to electronic security provided by their smartphones to access their smartphones 2. Core Users must notify their campus LRA when they change their smartphone device even if they keep the same phone number. 2. Common Procedures and Processes: a. Core Users are expected to use the chosen device in addition to their campus credential to authenticate to UW System common systems that require strong authentication on a regular basis. Currently there is no limit on how many times a Core User can request a temporary OTP. However, UW System monitors the pattern of contingency access usage and may also issue a report to the supervisor of a Core User if the Core user request temporary OTP more than five times in a month. b. Contingency Access Core Users are able to use either one of the following options to request temporary one-time passwords when they don t have their OTP device to authenticate to UW System common systems that require strong authentication: October 9, 2013 Page 3 of 6

i. Login to contingency access website (https://uwdigitalid.wisconsin.edu/index.php?p=27) to request a temporary OTP: Core Users can access the website 24 hours a day, 7 days a week. Note that if a Core User chooses to receive the temporary OTP through text message, depending on user s smartphone contract, there may be a fee associated with each OTP text message. Core Users are responsible for paying for these text message fees. ii. Seek help from campus LRA: Core Users can seek help from their campus LRAs during campus LRA s defined business hours. c. Core Users are expected notify their LRAs when their roles are been changed to non-core User roles. d. Core Users are expected to notify their campus LRAs when they terminate their affiliation with UW-System. e. Core Users are expected to report lost or damaged device to their campus LRA during campus LRA s defined business hours. f. Core Users must take responsible care of their OTP devices. This includes, but is not limited to: i. Core Users are expected not to leave their OTP devices unattended in a public place. Background Information With technology advances and new emerging threats that we face, we have an increased responsibility to provide additional security measures to ensure that the data we collect, consume, and store is secure from unauthorized access. UW-System has developed a stronger method for users to sign into or logon to UW-System apps that store and process restricted and sensitive data. This effort is known as the Multi-Factor Authentication project. One-Time Passwords (OTP) has been selected as the technical platform to address multi-factor authentication. An OTP is valid for only one login session. The OTP platform requires the user to use either a fob or a smartphone that is synchronized with a server to generate the password. All Core Users are required to use the generated OTPs as second factors in addition to their campus credentials to authenticate to UW System common systems that require strong authentication. Definitions October 9, 2013 Page 4 of 6

Term, Abbreviation or Acronym Fob Core User LRA Multiple-Factor Authentication OTP: OTP Device: Smartphone OTP App Definition A State-issued device that is used to generate One Time Password. These are employees who authenticate to through the web interface and who can access other people s sensitive or restrictive information in order to perform their job duties. Local Registration Authority. The OTP LRAs are responsible for identity proofing Core Users when provisioning fobs to users. Authentication containing at least two of the three quality mechanisms: Something a person knows Passwords, PIN numbers, passphrases, a secret handshake, and mother's maiden name. Something a person has Identity badges/cards, physical keys, a driver s license, unique uniform, and digital certificates. Something a person is These authenticators, called biometrics, are based on a physical characteristic of a person, such as fingerprint, voice pattern, retinal pattern, or facial recognition. One Time Password The device that is used to generate One Time Password. This reference both Fob and Smartphone A smartphone app that is used to generate OTP October 9, 2013 Page 5 of 6

Multi-Factor Authentication Core User Policy and Procedures Authorization Form SIGN AND TURN IN: I have read and understand the Multi-Factor Authentication information above. I agree that I will take reasonable care of the OTP device I choose to use and follow the user responsibility requirements. I acknowledge that this form will become a part of my permanent personnel file. Print Name: Signature: Date: Return this signed form to the human resources or LRA who gave it to you. October 9, 2013 Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information