Authentication through Password Protection Background to the Problem: Password Reset User Support: Problem: Order of Magnitude


Team: SuperBad Cats
MSIT 458 – Dr. Chen

Background to the Problem:
- Companies require password protection on many important systems within their company
- Various systems may have differing password requirements
- Requiring users to create and recall different passwords for different systems
- Various systems may be used only sparingly by certain users
- Users may forget their password after a period of non-use
- Companies often require a new password after a given period of time
- Requiring users to create and recall different passwords for different systems

Password Reset User Support:
- Call support metrics (authenticity and validation)
- Time spent on resets
- Quantity of resets per year
- Cost per call
- Why they call
- Web-based password reset advantages (setup by users with challenge questions)
- Confidentiality
- Authenticity
- Integrity
- Availability


Problem:

Problems at the company level
- Too many different passwords
- Can't remember passwords
- Lack of support
- Too easy

Problems at the user level
- Can't remember answers to challenge questions
- Don't know the password complexity rules

In Summary: Maintaining multiple passwords for a single user to access necessary systems results in excessive work time lost and cost to the company.

Password Complexity: Sample Company
- Enforce password history: 24 passwords remembered
- Maximum password age: 90 days
- Minimum password age: 1 days
- Minimum password length: 8 characters
- Password Dictionary Blacklist: "%Company Name%"
- Password must meet complexity requirements: Enabled (next slide)

Password Complexity: Sample Company
- Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Be at least eight characters in length
- Contain characters from three of the following four categories:
  - English uppercase characters (A through Z)
  - English lowercase characters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphabetic characters (for example, !, $, %)
- Complexity requirements are enforced when passwords are created or changed.

Order of Magnitude

By adding character complexity and length requirements, an administrator increases the amount of time a brute force attack will take on a system by orders of magnitude. This should be taken into consideration when setting up corporate password standards and requirements.
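The sample company's complexity rules and the order-of-magnitude point above, worked through as an added example (not part of the original slides). "examplecorp" is a constructed stand-in for "%Company Name%", the function names are hypothetical, and the delimiter-based reading of the full-name rule is an assumption; password history and age need stored state and are not checked.

```python
import math
import re
import string

MIN_LENGTH = 8               # slide: "Minimum password length 8 characters"
BLACKLIST = ["examplecorp"]  # constructed stand-in for "%Company Name%"

def char_categories(password):
    """Return which of the slide's four character categories are present."""
    cats = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            cats.add("upper")
        elif ch in string.ascii_lowercase:
            cats.add("lower")
        elif ch in string.digits:
            cats.add("digit")
        else:
            cats.add("symbol")  # simplification: everything else is non-alphabetic
    return cats

def name_violations(password, account_name, full_name):
    """Assumed reading of the name rule: whole account name, plus each
    delimiter-separated part of the full name longer than two characters."""
    lowered = password.lower()
    hits = []
    if len(account_name) > 2 and account_name.lower() in lowered:
        hits.append("contains account name")
    for part in re.split(r"[,.\-_ #\t]+", full_name):
        if len(part) > 2 and part.lower() in lowered:
            hits.append(f"contains name part '{part}'")
    return hits

def check_password(password, account_name, full_name):
    """Return the list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(char_categories(password)) < 3:
        problems.append("fewer than 3 of 4 character categories")
    problems += name_violations(password, account_name, full_name)
    lowered = password.lower()
    problems += [f"contains blacklisted term '{t}'" for t in BLACKLIST if t in lowered]
    return problems

def search_space_magnitude(alphabet_size, length):
    """log10 of the number of candidate passwords of exactly this length."""
    return length * math.log10(alphabet_size)
```

Eight lowercase-only characters give roughly 10^11 candidates, eight characters drawn from the 94 printable ASCII symbols roughly 10^15, and twelve such characters roughly 10^23.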

Potential Solutions:
- Identity Management Software
- Leverage a unified Directory Service
- Password Synchronization
- Other Options: Single Sign-On, Biometric, RSA Token, Near Field Communication (NFC), RFID, Social Media

Identity Management Software

IdM solutions provide automated creation, provisioning and projection of user accounts to a directory services solution.
Examples: Forefront Identity Mgr, Novell Identity Mgmt Solution, Oracle

Leverage a Unified Directory Service

A unified directory service is a single location where all user objects reside. This streamlines the management and control of access and authorization.
- Microsoft Active Directory
- Active Directory Federation Services (ADFS)

Password Synchronization

PCNS and other synchronization services leverage replication services and APIs to update and synchronize user passwords in unmanaged systems or environments.
- Password Change Notification Service (PCNS)

Case Study

Company X was looking into implementing a solution to improve their security while simplifying their password setup, maintenance and customer support. Here's how they achieved this objective.

Company X Business Requirements
- Legacy domain was an older version of Active Directory
- Company X is a typical enterprise company, with approximately 100k users.
- The directory services would need to accommodate approximately 500k objects
- Large number of Windows based clients in the current infrastructure
- Integration capability with current communication technology being implemented

Company X Decision

There are many ways to select a Directory Services (DS) platform:
- The reason for selecting Active Directory focused around the number of existing Windows based clients and the communication technology being implemented.
- Companies that sell DS products offer several different pricing models, and can vary in cost from as little as $500k, to upwards of $10 million.

Company X Project Financials
- Active Directory = $3.5 million amortized over a three year period
- FIM = $4 million amortized over a three year period
- Costs include Licensing and CALs for all users in the directory structure (licensing is per user)
- Operating Costs (hosting & maintenance) = Approximately $400k per year.
- Development/Implementation Costs (typically incurred during the first two years of the product life cycle) = $2.5 million

Global AD
- Global AD provides the ability to have one set of credentials for all applications that leverage the resource.
- Allows for centralized administration of the domain.
- Reduces complexity for MIS managers to administer user objects

Global AD

Current State
- User population driven by a flat file feed processed once each week
- Data not accurate nor timely
- Infrequent action taken internationally

Future State (Post-PeopleSoft Upgrade)
- Clean, timely data
- Processed twice daily
- Improved security

Global AD

User Objects are the Global ID (7-digit number)

Currently leveraged for:
- FIM
- BPOS Email
- Office Communicator
- Sharepoint
- POS System (Beta)
- Reservation System (Beta)
- Service Desk Ticketing System
- Group Billing Project
- Workforce Management System
- Associate Learning Network
- Company Benefits Application

Planned Applications:
- BI System
- Financial Applications
- and more to come

FIM
- FIM stands for Forefront Identity Manager
- Allows for granular user object management through a GUI interface
- Provides approval workflow and audit trail
- User friendly and easy for everyone to use
- Empowers the end user

FIM
- Self Service Exception List requests
- Dynamic Distribution List Membership: attributes on the HR Feed drive DL membership and dynamic deprovisioning
- Dynamic Application Provisioning: provision account based on attributes in HR data or during on-boarding through FIM
- Dynamic Email Account Provisioning: HR Director can set a flag in the on-boarding system to automatically provision an email account for specific users, or this can be done with attribute criteria

FIM
- Dynamic De-provisioning of:
  - Group Memberships
  - Security Groups
  - User Accounts
  - Leveraged Application User Accounts
- Self Service On-Boarding of Contractor Type Users: allows hiring manager to on-board and create email, provision accounts, and join memberships all with full audit trail and workflow approval

FIM & Global AD
- Consider FIM the GUI for the Active Directory
- The two tools together are the heartbeat of the enterprise, and allow for a secure and controlled environment, while streamlining the on-boarding process, and the need for remembering multiple passwords by the end user.
- Flexible and extensible, the tool can work with other email systems if international chooses not to move to Microsoft's Cloud Service Offering
- However, it will be much cheaper if cloud exchange is selected


Current Process Flow (diagram): HLN, FIM, AD, Local HR System, Applications, Email, Provisioning, Authorization

Future Process Flow (diagram): PeopleSoft, FIM, AD, Applications, Email, Provisioning, Authorization

Migration from the current to the future FIM and BPOS setup

Production Setup
