Re: Two-Factor Authentication: Quick Poll

[Joel Rosenblatt <joel () COLUMBIA EDU>]

We do, but only for Unix admins - it turns out that it is provides no extra security for Windows ... you can log into a windows system from the network without 
the second factor, so unless your worried about the bad guys coming onto campus and sitting in front of your servers to log in, you are using "Security 
Theater" to protect your windows systems.

It (second factor) is effective if you have another choke point (like a database login) that uses the second factor, and it is effective to prevent 
unauthorized logins to Unix/Linux systems.

My 2 cents,
Joel

--On Monday, February 27, 2012 8:14 AM -0500 "Sarazen, Daniel" <dsarazen () UMASSP EDU> wrote:

> Hi All,
>
> Quick Poll Please:
>
>
> 1         Is your campus using, or does it plan to use, Two-Factor authentication for its most privileged users (e.g., 
> system administrators logging in
> remotely)?
>
> 2         Do you think you should?
>
> Thanks!
>
> [cid:image001.gif@01CCF527.C41F7F70]
>
> :: Daniel Sarazen, CISSP, CISA
> :: Senior Information Technology Auditor
> :: University Internal Audit
> :: University of Massachusetts President's Office
>
> :: 774-455-7558
> :: 781-724-3377 Cell
> :: 774-455-7550 Fax
> :: Dsarazen () umassp edu<mailto:Dsarazen () umassp edu>
>
> University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : 
> www.massachusetts.edu<http://www.massachusetts.edu/>
>
>
> Confidentiality Note:  This email is intended for the exclusive use of the addressee(s) and may contain proprietary, 
> confidential or privileged information.
> If you are not the intended recipient(s), any dissemination, use, distribution or copying is strictly prohibited.



Joel Rosenblatt, Director, Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3