Internet2 2014 Global Summit Presentation

"Multi-Factor Authentication:  Do I Need it, and How Do I Deploy It?"

The threats against password-based authentication are becoming stronger over time, and password complexity and length requirements cannot continue to protect our online systems.  Multi-factor authentication (MFA) addresses this problem by integrating additional authentication schemes – typically phone, mobile device, and/or hardware-based tokens – in the authentication process to mitigate the risks inherent to passwords, thereby increasing security overall.  MFA is not a panacea, however.  Not all risks can be mitigated, and the additional requirement can introduce new risks to business continuity.  There is also, of course, cost and effort involved.

We will explore the business drivers for multi-factor authentication, including the factors that determine when and where and how it should be applied.  We will also explore potential deployment scenarios, based on an institution's specific business drivers, and assessment criteria and operational issues for MFA.  Finally, we will introduce Internet2's NSTIC-funded MFA Cohortium, a group of over 40 universities that are exploring the issues surrounding the use of multi-factor authentication in higher education and research. (We will hope to include several stories from participating institutions in how the work of the Cohortium have contributed to their MFA deployment efforts.)