Date: Thu, 28 Mar 2024 16:53:48 +0000 (UTC) Message-ID: <1001664801.6670.1711644828118@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6669_1133049436.1711644828117" ------=_Part_6669_1133049436.1711644828117 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Some institutions are exploring using multi-factor authenticatio= n technologies to meet InCommon Silver standards. Motivators include defici= encies in processes for identity proofing, insecure methods for distributin= g credentials, and non-compliant passwords for existing credentials. Implem= enting multi-factor in a way that complies with Silver will help improve pr= ocesses and security.
Using multi-factor technologies to meet InCommon Silver requirements is = a challenge because the Identity Assurance Profile (IAP) is designed to add= ress credentials based on an Authentication Secret used for authentication = of the subject to the IdP. A typical Authentication Secret is something= you know such as a password or passphrase. Additional factors=E2=80= =94something you have or something you are=E2=80=94are no= t addressed in the IAP. Section 4.2.3 of the IAP states, "If other Cre= dentials are used to authenticate the Subject to the IdP, they must meet or= exceed the effect of these requirements." Since there are several referenc= es to NIST [SP 800-63] throughout this section, institutions may wish to se= ek guidance from that NIST publication to justify assertions that their mul= ti-factor deployment meets or exceeds the requirements.
Participant organizations have provided the content described on thi= s page. Using these practices does not guarantee certification in the InCom= mon Assurance Program.