Presented by:

cornelinux

from NetKnights GmbH

Cornelius has been working on multi-factor authentication for more than 12 years. He is the project lead of the privacyIDEA authentication system.

As a consultant, Cornelius learnt to understand customers' requirements in heterogeneous networks. He planned and implemented several public key infrastructures for smartcards and was one of the first to work on the interoperability of the Aladdin eToken between Windows and Linux.

In 2006 he started one of the first open source OTP systems implementing the HOTP algorithm. In 2009 he initiated an enterprise OTP solution as product manager. In 2014 he founded the open source project privacyIDEA. It is a vendor-independent authentication system that can be used to manage arbitrary authentication objects to implement many different ways of multi-factor authentication. privacyIDEA supports several authentication protocols like PAM, RADIUS, SAML or LDAP. In 2014 Cornelius also founded the company NetKnights to provide consultancy for strong and secure authentication.

Successful two-factor authentication is a matter of smooth workflows

Thanks to Google, Facebook and many other public services, two-factor or multi-factor authentication is now familiar even to many end users. It is no longer only a topic for security nerds but a demand of "normal people". But this can also lead to an oversimplified view of 2FA. Two-factor authentication does not equal simply enrolling a smartphone app like Google Authenticator for the user. Roughly 50% of the Twitter hashtag "#2FA" consists of users complaining to services that they fail to reset their second factor, or of similar problems. 2FA has arrived at the masses, but the job has often been done badly.

2FA done right

2FA is done right if it annoys neither users, administrators nor management.

The open source authentication system privacyIDEA can help to fulfill this task. privacyIDEA is a management system for many different kinds of authentication objects (tokens), ranging from email, SMS and smartphone apps through hardware key fob tokens and Yubikeys to virtual tokens like the four-eye principle or the management of SSH keys. It runs on premises and integrates into your existing infrastructure, managing tokens for users in SQL databases, LDAP directories or Active Directory. Applications can make use of 2FA via standard protocols like PAM, RADIUS, LDAP or SAML, or via the simple REST API.

Smooth workflows

In this talk we will take a deeper look at the integrated event handler framework, which allows the administrator to automate all tasks and, in particular, trigger new actions in case of certain events. This way privacyIDEA can easily integrate into any workflow. For example, it can be triggered by the user management system and then communicate with the campus printing service to add all necessary 2FA information to be shipped with the initial welcome letter for students. Token attributes can be adapted automatically, administrators or users can be notified in case of any event, and the token janitor can take care of the housekeeping of all authentication objects.

Finally, successful two-factor authentication becomes a matter of how smooth your workflows are and of most things happening automagically.

Date:
2018 April 28 - 06:00
Duration:
45 min
Room:
CC-200
Conference:
LinuxFest Northwest 2018
Language:
Track:
Security
Difficulty:
Medium