Presented by:


Cornelius Kölbel

from NetKnights GmbH

Cornelius has been working on multi-factor authentication for more than 12 years. He is the project lead of the privacyIDEA authentication system.

As a consultant, Cornelius learnt to understand customers' requirements in heterogeneous networks. He planned and implemented several public key infrastructures for smartcards and was one of the first to work on the interoperability of the Aladdin eToken between Windows and Linux.

In 2006 he started one of the first open source OTP systems implementing the HOTP algorithm. In 2009 he initiated an enterprise OTP solution as product manager. In 2014 he founded the open source project privacyIDEA. It is a vendor-independent authentication system that can be used to manage arbitrary authentication objects to implement many different ways of multi-factor authentication. privacyIDEA supports several authentication protocols like PAM, RADIUS, SAML or LDAP. In 2014 Cornelius also founded the company NetKnights to provide consultancy for strong and secure authentication.

Successful two-factor authentication is a matter of smooth workflows

Thanks to Google, Facebook and many other public services, two-factor or multi-factor authentication is now known even to many end users. It is no longer only a topic for security nerds but a demand of "normal people". But this can also lead to an oversimplification of 2FA. Two-factor authentication does not equal simply enrolling a smartphone app like Google Authenticator for the user. Roughly 50% of the tweets under the Twitter hashtag "#2FA" are users complaining to services that they fail to reset their second factor, or about similar problems. 2FA has arrived at the masses - but the job has often been done badly.

2FA done right

2FA is done right if it annoys neither users, administrators nor management.

The open source authentication system privacyIDEA can help to fulfill this task. privacyIDEA is a management system for many different kinds of authentication objects (tokens), ranging from email, SMS and smartphone apps through hardware key fob tokens and Yubikeys to virtual tokens like the four-eyes principle or the management of SSH keys. It runs on premises and integrates into your existing infrastructure, managing tokens for users in SQL databases, LDAP directories or Active Directory. Applications can make use of 2FA via standard protocols like PAM, RADIUS, LDAP or SAML, or via the simple REST API.

Smooth workflows

In this talk we will take a deeper look at the integrated event handler framework, which allows the administrator to automate all tasks and, in particular, to trigger new actions in case of certain events. This way privacyIDEA can easily integrate into any workflow. For example, it can be triggered by the user management system and then communicate with the campus printing service to add all necessary 2FA information to be shipped with the initial welcome letter for students. Token attributes can be adapted automatically, administrators or users can be notified in case of any event, and the token janitor can take care of the housekeeping of all authentication objects.

Finally, successful two-factor authentication becomes a matter of how smooth your workflows are and of how much can happen automagically.

Date:
2018 April 28 - 06:00
Duration:
45 min
Room:
CC-200
Conference:
LinuxFest Northwest 2018
Language:
Track:
Security
Difficulty:
Medium
