際際滷

際際滷Share a Scribd company logo

Recommendation For Improving Authentication For Our Online Systems At Pace V2.0

monacofamily
monacofamily

The document discusses authentication practices for online systems at Pace University. It provides an overview of authentication methods ranging from no authentication to multi-factor authentication. It also summarizes Pace's current complex password rules and recommendations for improving authentication, which include assigning risk categories to users and enforcing more frequent password changes for high-risk users. The document also discusses the use of biometrics and multi-factor authentication at other universities.

1 of 11
Recommendations for improving authentication for our online systems at Pace
Authentication practices in Higher Education - from bad to good No authentication Weak Passwords Complex Passwords Complex Passwords with frequent mandatory changes, depending on risk Biometrics Multi-Factor bad good
Current Pace Complex Password Rules must not contain more than 3 consecutive characters of your first name, last name, or username must be 8 or more characters long. must contain at least one character from three of these four categories: UPPERcase characters (A, B, C, ...) lowercase character (a, b, c, ...) numbers (1, 2, 3, ...) special characters (! * + - / : ? _ # $) (i.e. must have at least one uppercase letter, one lowercase letter, and one number) must not be one that you have recently used (you cannot use one of your last 3 passwords) cannot be changed more than once every 24 hours
Some useful hints for selecting a password Use the first letters of each word from a song, phrase, or quote and replace some letters with numbers. For example, "Mary had a little lamb who's fleece was white as snow!" would become Mha11wfwwa5! (substituting 1 for l and 5 for s). Include punctuation for a more secure password (only use the allowed special characters, which are ! % * + - / : ? _). Try to make the password as long as possible. The longer the password, the harder it is to crack or guess it. Do not write the password down and place on your desk!
What some other universities are doing about authentication Enforced password resets occur routinely at: New York Universityall users every 365 days Hofstra Universityall users every 180 days New Jersey Institute of Technologyall users every 120 days Cornell Universityall users every 180 days Seton Hall Universityevery 90 days for administrative systems University of Marylandall users every 180 days Penn Stateall users every 365 days Columbia Universityfaculty/staff every 90 days for ERP SUNY Purchasefaculty/staff every 90 days Note: Rutgers uses Multi-Factor for some ERP Applications
Biometric Authentication in Higher Education ECAR, Core Data Services, FY 2006, Chapter 4 In Computer Security, Biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. Examples include retinal scans, computer analysis of fingerprints or speech, or other physiological means of user identification for security purposes.
Multi-Factor (two Factor) Authentication Refers to any authentication protocol that requires more than one form of authentication to access a system. This contrasts with tradition password authentication, which requires only one factor (knowledge of the password) in order to gain access to a system. Three standard kinds of authentication factors are recognized: something you know (like a password or PIN), something you have (like a credit card or Cell Phone), or something you are (like a fingerprint, a retinal pattern, or other biometrics).
Multi-Factor Authentication in Higher Education ECAR, Core Data Services, FY 2006, Chapter 4
How to change your password go to Paces Password Reset Utility (PRU) located at http://pru.pace.edu select Click here at the top of the page for guidelines and help when choosing a complex password review these guidelines and then select Click here to return to the PRU homepage change your password by selecting Change your password and following the prompts
Recommendation We should have the technical ability to assign risk categories to various classes of users in February, 2008. Once we have this capability, we should publish and enforce guidelines that ask those with the highest access rights to change their passwords more often than those with less access rights. We should continue to investigate Biometrics and Multi-factor for specific user groups
Questions? More information is available from the Division of Information Technology: phone: 914 773 - 3648 via web: http:// doithelpdesk.pace.edu [email_address] , 914-923-2658

Recommended

Resume - Lyman Holton - 160210 (SA)
Resume - Lyman Holton - 160210 (SA)Resume - Lyman Holton - 160210 (SA)
Resume - Lyman Holton - 160210 (SA)
Lyman L. Holton, MBA, BS
Tamu V1 5
Tamu V1 5Tamu V1 5
Tamu V1 5
monacofamily
USMA 1970 National Conference on Ethics in America
USMA 1970 National Conference on Ethics in AmericaUSMA 1970 National Conference on Ethics in America
USMA 1970 National Conference on Ethics in America
monacofamily
Pace Information Exchange Proposal 12 9 05 Final Version
Pace Information Exchange Proposal 12 9 05 Final VersionPace Information Exchange Proposal 12 9 05 Final Version
Pace Information Exchange Proposal 12 9 05 Final Version
monacofamily
Strategic Plans For The Technical And Human Sides Of Convergence
Strategic Plans For The Technical And Human Sides Of ConvergenceStrategic Plans For The Technical And Human Sides Of Convergence
Strategic Plans For The Technical And Human Sides Of Convergence
monacofamily
National Cabinet Presentation 2009
National Cabinet Presentation 2009National Cabinet Presentation 2009
National Cabinet Presentation 2009
mekogan
Hudson Samples
Hudson SamplesHudson Samples
Hudson Samples
guestd2728
Timely Emergency Notification Systems
Timely Emergency Notification SystemsTimely Emergency Notification Systems
Timely Emergency Notification Systems
monacofamily
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
richarddxd
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
ijtsrd
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
Jim Fenton
Session4-Authentication
Session4-AuthenticationSession4-Authentication
Session4-Authentication
zakieh alizadeh
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
Rare Input
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication
IJMER
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET- Graphical user Authentication for an Alphanumeric OTPIRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET Journal
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and Compliance
PortalGuard
Don't Get Stung - Student Data Security
Don't Get Stung - Student Data Security Don't Get Stung - Student Data Security
Don't Get Stung - Student Data Security
cschumley
Voice Biometrics automated password_reset
Voice Biometrics automated password_resetVoice Biometrics automated password_reset
Voice Biometrics automated password_reset
Kunal Grover
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
Email Retention Policy1.0 PurposeThe Email Retention Polic.docx
Email Retention Policy1.0 PurposeThe Email Retention Polic.docxEmail Retention Policy1.0 PurposeThe Email Retention Polic.docx
Email Retention Policy1.0 PurposeThe Email Retention Polic.docx
christinemaritza
information security and backup system
information security and backup systeminformation security and backup system
information security and backup system
Engr. Md. Jamal Uddin Rayhan
Password management
Password managementPassword management
Password management
Karen F
C02
C02C02
C02
newbie2019
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
IJERD Editor
Passwordless auth
Passwordless authPasswordless auth
Passwordless auth
Lesha Bhansali
A Novel Web-based Approach for Balancing Usability and Security Requirements ...
A Novel Web-based Approach for Balancing Usability and Security Requirements ...A Novel Web-based Approach for Balancing Usability and Security Requirements ...
A Novel Web-based Approach for Balancing Usability and Security Requirements ...
IJNSA Journal
Ch10 system administration
Ch10 system administration Ch10 system administration
Ch10 system administration
Raja Waseem Akhtar
KISS: Proven Strategies to Stay Connected with Online Students!
KISS: Proven Strategies to Stay Connected with Online Students!KISS: Proven Strategies to Stay Connected with Online Students!
KISS: Proven Strategies to Stay Connected with Online Students!
monacofamily
2012-NCEA-Presentation
2012-NCEA-Presentation2012-NCEA-Presentation
2012-NCEA-Presentation
monacofamily

More Related Content

Similar to Recommendation For Improving Authentication For Our Online Systems At Pace V2.0 (20)

8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
richarddxd
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
ijtsrd
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
Jim Fenton
Session4-Authentication
Session4-AuthenticationSession4-Authentication
Session4-Authentication
zakieh alizadeh
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
Rare Input
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication
IJMER
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET- Graphical user Authentication for an Alphanumeric OTPIRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET Journal
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and Compliance
PortalGuard
Don't Get Stung - Student Data Security
Don't Get Stung - Student Data Security Don't Get Stung - Student Data Security
Don't Get Stung - Student Data Security
cschumley
Voice Biometrics automated password_reset
Voice Biometrics automated password_resetVoice Biometrics automated password_reset
Voice Biometrics automated password_reset
Kunal Grover
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
Email Retention Policy1.0 PurposeThe Email Retention Polic.docx
Email Retention Policy1.0 PurposeThe Email Retention Polic.docxEmail Retention Policy1.0 PurposeThe Email Retention Polic.docx
Email Retention Policy1.0 PurposeThe Email Retention Polic.docx
christinemaritza
information security and backup system
information security and backup systeminformation security and backup system
information security and backup system
Engr. Md. Jamal Uddin Rayhan
Password management
Password managementPassword management
Password management
Karen F
C02
C02C02
C02
newbie2019
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
IJERD Editor
Passwordless auth
Passwordless authPasswordless auth
Passwordless auth
Lesha Bhansali
A Novel Web-based Approach for Balancing Usability and Security Requirements ...
A Novel Web-based Approach for Balancing Usability and Security Requirements ...A Novel Web-based Approach for Balancing Usability and Security Requirements ...
A Novel Web-based Approach for Balancing Usability and Security Requirements ...
IJNSA Journal
Ch10 system administration
Ch10 system administration Ch10 system administration
Ch10 system administration
Raja Waseem Akhtar
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
richarddxd
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
Three Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern SecurityThree Step Multifactor Authentication Systems for Modern Security
Three Step Multifactor Authentication Systems for Modern Security
ijtsrd
Making User Authentication More Usable
Making User Authentication More UsableMaking User Authentication More Usable
Making User Authentication More Usable
Jim Fenton
Session4-Authentication
Session4-AuthenticationSession4-Authentication
Session4-Authentication
zakieh alizadeh
Improving Password Based Security
Improving Password Based SecurityImproving Password Based Security
Improving Password Based Security
Rare Input
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication
IJMER
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET- Graphical user Authentication for an Alphanumeric OTPIRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET- Graphical user Authentication for an Alphanumeric OTP
IRJET Journal
Configurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and ComplianceConfigurable Password Management: Balancing Usability and Compliance
Configurable Password Management: Balancing Usability and Compliance
PortalGuard
Don't Get Stung - Student Data Security
Don't Get Stung - Student Data Security Don't Get Stung - Student Data Security
Don't Get Stung - Student Data Security
cschumley
Voice Biometrics automated password_reset
Voice Biometrics automated password_resetVoice Biometrics automated password_reset
Voice Biometrics automated password_reset
Kunal Grover
Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
Email Retention Policy1.0 PurposeThe Email Retention Polic.docx
Email Retention Policy1.0 PurposeThe Email Retention Polic.docxEmail Retention Policy1.0 PurposeThe Email Retention Polic.docx
Email Retention Policy1.0 PurposeThe Email Retention Polic.docx
christinemaritza
information security and backup system
information security and backup systeminformation security and backup system
information security and backup system
Engr. Md. Jamal Uddin Rayhan
Password management
Password managementPassword management
Password management
Karen F
C02
C02C02
C02
newbie2019
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
IJERD Editor
Passwordless auth
Passwordless authPasswordless auth
Passwordless auth
Lesha Bhansali
A Novel Web-based Approach for Balancing Usability and Security Requirements ...
A Novel Web-based Approach for Balancing Usability and Security Requirements ...A Novel Web-based Approach for Balancing Usability and Security Requirements ...
A Novel Web-based Approach for Balancing Usability and Security Requirements ...
IJNSA Journal
Ch10 system administration
Ch10 system administration Ch10 system administration
Ch10 system administration
Raja Waseem Akhtar

More from monacofamily (6)

KISS: Proven Strategies to Stay Connected with Online Students!
KISS: Proven Strategies to Stay Connected with Online Students!KISS: Proven Strategies to Stay Connected with Online Students!
KISS: Proven Strategies to Stay Connected with Online Students!
monacofamily
2012-NCEA-Presentation
2012-NCEA-Presentation2012-NCEA-Presentation
2012-NCEA-Presentation
monacofamily
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
monacofamily
Final Draft of IT 402 Presentation
Final Draft of IT 402 PresentationFinal Draft of IT 402 Presentation
Final Draft of IT 402 Presentation
monacofamily
I I K D For Public Info Version II
I I K D For Public Info Version III I K D For Public Info Version II
I I K D For Public Info Version II
monacofamily
Trends In Higher Ed
Trends In Higher EdTrends In Higher Ed
Trends In Higher Ed
monacofamily
KISS: Proven Strategies to Stay Connected with Online Students!
KISS: Proven Strategies to Stay Connected with Online Students!KISS: Proven Strategies to Stay Connected with Online Students!
KISS: Proven Strategies to Stay Connected with Online Students!
monacofamily
2012-NCEA-Presentation
2012-NCEA-Presentation2012-NCEA-Presentation
2012-NCEA-Presentation
monacofamily
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
monacofamily
Final Draft of IT 402 Presentation
Final Draft of IT 402 PresentationFinal Draft of IT 402 Presentation
Final Draft of IT 402 Presentation
monacofamily
I I K D For Public Info Version II
I I K D For Public Info Version III I K D For Public Info Version II
I I K D For Public Info Version II
monacofamily
Trends In Higher Ed
Trends In Higher EdTrends In Higher Ed
Trends In Higher Ed
monacofamily

Recently uploaded (20)

Leadership u automatizaciji: RPA prie iz prakse!
Leadership u automatizaciji: RPA prie iz prakse!Leadership u automatizaciji: RPA prie iz prakse!
Leadership u automatizaciji: RPA prie iz prakse!
UiPathCommunity
Transcript: AI in publishing: Your questions answered - Tech Forum 2025
Transcript: AI in publishing: Your questions answered - Tech Forum 2025Transcript: AI in publishing: Your questions answered - Tech Forum 2025
Transcript: AI in publishing: Your questions answered - Tech Forum 2025
BookNet Canada
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes Webinar
ThousandEyes
UiPath Document Understanding - Generative AI and Active learning capabilities
UiPath Document Understanding - Generative AI and Active learning capabilitiesUiPath Document Understanding - Generative AI and Active learning capabilities
UiPath Document Understanding - Generative AI and Active learning capabilities
DianaGray10
Agentic AI: The 2025 Next-Gen Automation Guide
Agentic AI: The 2025 Next-Gen Automation GuideAgentic AI: The 2025 Next-Gen Automation Guide
Agentic AI: The 2025 Next-Gen Automation Guide
Thoughtminds
Combining Lexical and Semantic Search with Milvus 2.5
Combining Lexical and Semantic Search with Milvus 2.5Combining Lexical and Semantic Search with Milvus 2.5
Combining Lexical and Semantic Search with Milvus 2.5
Zilliz
Caching for Performance Masterclass: Caching Strategies
Caching for Performance Masterclass: Caching StrategiesCaching for Performance Masterclass: Caching Strategies
Caching for Performance Masterclass: Caching Strategies
ScyllaDB
GDG Cloud Southlake #40: Brandon Stokes: How to Build a Great Product
GDG Cloud Southlake #40: Brandon Stokes: How to Build a Great ProductGDG Cloud Southlake #40: Brandon Stokes: How to Build a Great Product
GDG Cloud Southlake #40: Brandon Stokes: How to Build a Great Product
James Anderson
Deno ...................................
Deno ...................................Deno ...................................
Deno ...................................
Robert MacLean
Predictive vs. Preventive Maintenance Which One is Right for Your Factory
Predictive vs. Preventive Maintenance Which One is Right for Your FactoryPredictive vs. Preventive Maintenance Which One is Right for Your Factory
Predictive vs. Preventive Maintenance Which One is Right for Your Factory
Diagsense ltd
AI Trends and Fun Demos Sothebys Rehoboth Presentation
AI Trends and Fun Demos Sothebys Rehoboth PresentationAI Trends and Fun Demos Sothebys Rehoboth Presentation
AI Trends and Fun Demos Sothebys Rehoboth Presentation
Ethan Holland
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIATHE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
Srivaanchi Nathan
Temporary Compound microscope slide .pptx
Temporary Compound microscope slide .pptxTemporary Compound microscope slide .pptx
Temporary Compound microscope slide .pptx
Samir Sharma
William Maclyn Murphy McRae - A Seasoned Professional Renowned
William Maclyn Murphy McRae - A Seasoned Professional RenownedWilliam Maclyn Murphy McRae - A Seasoned Professional Renowned
William Maclyn Murphy McRae - A Seasoned Professional Renowned
William Maclyn Murphy McRae
Webinar: LF Energy GEISA: Addressing edge interoperability at the meter
Webinar: LF Energy GEISA: Addressing edge interoperability at the meterWebinar: LF Energy GEISA: Addressing edge interoperability at the meter
Webinar: LF Energy GEISA: Addressing edge interoperability at the meter
DanBrown980551
Dev Dives: Unlock the future of automation with UiPath Agent Builder
Dev Dives: Unlock the future of automation with UiPath Agent BuilderDev Dives: Unlock the future of automation with UiPath Agent Builder
Dev Dives: Unlock the future of automation with UiPath Agent Builder
UiPathCommunity
5 Must-Use AI Tools to Supercharge Your Productivity
5 Must-Use AI Tools to Supercharge Your Productivity5 Must-Use AI Tools to Supercharge Your Productivity
5 Must-Use AI Tools to Supercharge Your Productivity
cryptouniversityoffi
MIND Revenue Release Quarter 4 2024 - Finacial Presentation
MIND Revenue Release Quarter 4 2024 - Finacial PresentationMIND Revenue Release Quarter 4 2024 - Finacial Presentation
MIND Revenue Release Quarter 4 2024 - Finacial Presentation
MIND CTI
Teaching Prompting and Prompt Sharing to End Users.pptx
Teaching Prompting and Prompt Sharing to End Users.pptxTeaching Prompting and Prompt Sharing to End Users.pptx
Teaching Prompting and Prompt Sharing to End Users.pptx
Michael Blumenthal (Microsoft MVP)
Understanding Traditional AI with Custom Vision & MuleSoft.pptx
Understanding Traditional AI with Custom Vision & MuleSoft.pptxUnderstanding Traditional AI with Custom Vision & MuleSoft.pptx
Understanding Traditional AI with Custom Vision & MuleSoft.pptx
shyamraj55
Leadership u automatizaciji: RPA prie iz prakse!
Leadership u automatizaciji: RPA prie iz prakse!Leadership u automatizaciji: RPA prie iz prakse!
Leadership u automatizaciji: RPA prie iz prakse!
UiPathCommunity
Transcript: AI in publishing: Your questions answered - Tech Forum 2025
Transcript: AI in publishing: Your questions answered - Tech Forum 2025Transcript: AI in publishing: Your questions answered - Tech Forum 2025
Transcript: AI in publishing: Your questions answered - Tech Forum 2025
BookNet Canada
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes Webinar
ThousandEyes
UiPath Document Understanding - Generative AI and Active learning capabilities
UiPath Document Understanding - Generative AI and Active learning capabilitiesUiPath Document Understanding - Generative AI and Active learning capabilities
UiPath Document Understanding - Generative AI and Active learning capabilities
DianaGray10
Agentic AI: The 2025 Next-Gen Automation Guide
Agentic AI: The 2025 Next-Gen Automation GuideAgentic AI: The 2025 Next-Gen Automation Guide
Agentic AI: The 2025 Next-Gen Automation Guide
Thoughtminds
Combining Lexical and Semantic Search with Milvus 2.5
Combining Lexical and Semantic Search with Milvus 2.5Combining Lexical and Semantic Search with Milvus 2.5
Combining Lexical and Semantic Search with Milvus 2.5
Zilliz
Caching for Performance Masterclass: Caching Strategies
Caching for Performance Masterclass: Caching StrategiesCaching for Performance Masterclass: Caching Strategies
Caching for Performance Masterclass: Caching Strategies
ScyllaDB
GDG Cloud Southlake #40: Brandon Stokes: How to Build a Great Product
GDG Cloud Southlake #40: Brandon Stokes: How to Build a Great ProductGDG Cloud Southlake #40: Brandon Stokes: How to Build a Great Product
GDG Cloud Southlake #40: Brandon Stokes: How to Build a Great Product
James Anderson
Deno ...................................
Deno ...................................Deno ...................................
Deno ...................................
Robert MacLean
Predictive vs. Preventive Maintenance Which One is Right for Your Factory
Predictive vs. Preventive Maintenance Which One is Right for Your FactoryPredictive vs. Preventive Maintenance Which One is Right for Your Factory
Predictive vs. Preventive Maintenance Which One is Right for Your Factory
Diagsense ltd
AI Trends and Fun Demos Sothebys Rehoboth Presentation
AI Trends and Fun Demos Sothebys Rehoboth PresentationAI Trends and Fun Demos Sothebys Rehoboth Presentation
AI Trends and Fun Demos Sothebys Rehoboth Presentation
Ethan Holland
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIATHE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
Srivaanchi Nathan
Temporary Compound microscope slide .pptx
Temporary Compound microscope slide .pptxTemporary Compound microscope slide .pptx
Temporary Compound microscope slide .pptx
Samir Sharma
William Maclyn Murphy McRae - A Seasoned Professional Renowned
William Maclyn Murphy McRae - A Seasoned Professional RenownedWilliam Maclyn Murphy McRae - A Seasoned Professional Renowned
William Maclyn Murphy McRae - A Seasoned Professional Renowned
William Maclyn Murphy McRae
Webinar: LF Energy GEISA: Addressing edge interoperability at the meter
Webinar: LF Energy GEISA: Addressing edge interoperability at the meterWebinar: LF Energy GEISA: Addressing edge interoperability at the meter
Webinar: LF Energy GEISA: Addressing edge interoperability at the meter
DanBrown980551
Dev Dives: Unlock the future of automation with UiPath Agent Builder
Dev Dives: Unlock the future of automation with UiPath Agent BuilderDev Dives: Unlock the future of automation with UiPath Agent Builder
Dev Dives: Unlock the future of automation with UiPath Agent Builder
UiPathCommunity
5 Must-Use AI Tools to Supercharge Your Productivity
5 Must-Use AI Tools to Supercharge Your Productivity5 Must-Use AI Tools to Supercharge Your Productivity
5 Must-Use AI Tools to Supercharge Your Productivity
cryptouniversityoffi
MIND Revenue Release Quarter 4 2024 - Finacial Presentation
MIND Revenue Release Quarter 4 2024 - Finacial PresentationMIND Revenue Release Quarter 4 2024 - Finacial Presentation
MIND Revenue Release Quarter 4 2024 - Finacial Presentation
MIND CTI
Teaching Prompting and Prompt Sharing to End Users.pptx
Teaching Prompting and Prompt Sharing to End Users.pptxTeaching Prompting and Prompt Sharing to End Users.pptx
Teaching Prompting and Prompt Sharing to End Users.pptx
Michael Blumenthal (Microsoft MVP)
Understanding Traditional AI with Custom Vision & MuleSoft.pptx
Understanding Traditional AI with Custom Vision & MuleSoft.pptxUnderstanding Traditional AI with Custom Vision & MuleSoft.pptx
Understanding Traditional AI with Custom Vision & MuleSoft.pptx
shyamraj55

Recommendation For Improving Authentication For Our Online Systems At Pace V2.0

  • 1. Recommendations for improving authentication for our online systems at Pace
  • 2. Authentication practices in Higher Education - from bad to good No authentication Weak Passwords Complex Passwords Complex Passwords with frequent mandatory changes, depending on risk Biometrics Multi-Factor bad good
  • 3. Current Pace Complex Password Rules must not contain more than 3 consecutive characters of your first name, last name, or username must be 8 or more characters long. must contain at least one character from three of these four categories: UPPERcase characters (A, B, C, ...) lowercase character (a, b, c, ...) numbers (1, 2, 3, ...) special characters (! * + - / : ? _ # $) (i.e. must have at least one uppercase letter, one lowercase letter, and one number) must not be one that you have recently used (you cannot use one of your last 3 passwords) cannot be changed more than once every 24 hours
  • 4. Some useful hints for selecting a password Use the first letters of each word from a song, phrase, or quote and replace some letters with numbers. For example, "Mary had a little lamb who's fleece was white as snow!" would become Mha11wfwwa5! (substituting 1 for l and 5 for s). Include punctuation for a more secure password (only use the allowed special characters, which are ! % * + - / : ? _). Try to make the password as long as possible. The longer the password, the harder it is to crack or guess it. Do not write the password down and place on your desk!
  • 5. What some other universities are doing about authentication Enforced password resets occur routinely at: New York Universityall users every 365 days Hofstra Universityall users every 180 days New Jersey Institute of Technologyall users every 120 days Cornell Universityall users every 180 days Seton Hall Universityevery 90 days for administrative systems University of Marylandall users every 180 days Penn Stateall users every 365 days Columbia Universityfaculty/staff every 90 days for ERP SUNY Purchasefaculty/staff every 90 days Note: Rutgers uses Multi-Factor for some ERP Applications
  • 6. Biometric Authentication in Higher Education ECAR, Core Data Services, FY 2006, Chapter 4 In Computer Security, Biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked. Examples include retinal scans, computer analysis of fingerprints or speech, or other physiological means of user identification for security purposes.
  • 7. Multi-Factor (two Factor) Authentication Refers to any authentication protocol that requires more than one form of authentication to access a system. This contrasts with tradition password authentication, which requires only one factor (knowledge of the password) in order to gain access to a system. Three standard kinds of authentication factors are recognized: something you know (like a password or PIN), something you have (like a credit card or Cell Phone), or something you are (like a fingerprint, a retinal pattern, or other biometrics).
  • 8. Multi-Factor Authentication in Higher Education ECAR, Core Data Services, FY 2006, Chapter 4
  • 9. How to change your password go to Paces Password Reset Utility (PRU) located at http://pru.pace.edu select Click here at the top of the page for guidelines and help when choosing a complex password review these guidelines and then select Click here to return to the PRU homepage change your password by selecting Change your password and following the prompts
  • 10. Recommendation We should have the technical ability to assign risk categories to various classes of users in February, 2008. Once we have this capability, we should publish and enforce guidelines that ask those with the highest access rights to change their passwords more often than those with less access rights. We should continue to investigate Biometrics and Multi-factor for specific user groups
  • 11. Questions? More information is available from the Division of Information Technology: phone: 914 773 - 3648 via web: http:// doithelpdesk.pace.edu [email_address] , 914-923-2658
AboutCopyright
息 2025 際際滷