Allidm.com
Discovering Identity and Access Management Solutions

Challenge Questions
Introduction
http://academy.allidm.com
Stay connected to Allidm

Find us on Facebook:
http://www.facebook.com/allidm
Follow us on Twitter:
http://twitter.com/aidy_idm
Look for us on LinkedIn:
http://www.linkedin.com/allidm
Visit our blog:
http://www.allidm.com/blog
Disclaimer and Acknowledgments

The contents here are created as a personal endeavor and
thus do not reflect any official stance of any Identity and
Access Management vendor on any particular technology.
Contact Us
In this presentation we'll talk about some useful topics that
you can use no matter which identity and access management
solution or product you are working on.
If you know one that makes a big difference, please tell us so
we can include it in the future.
aidy.allidm@gmail.com
What's a Challenge Question?

Challenge-response authentication is a family of
protocols in which one party presents a question
("challenge") and another party must provide a valid
answer ("response") to be authenticated.
The challenge questions are used for security
purposes to enable you to retrieve your password
and to allow Customer Service to confirm your
identity when you call. It is critical that you keep your
challenge questions up-to-date.
Benefits

Security questions reduce support costs by allowing
users to retrieve their password rather than
contacting support.

Security questions are safer than trying to verify
callers' identity over the phone.
Sign-in verification can increase security over the
routine user name/password option.
When is it used?

Using Challenge Questions for Credential Recovery
Using Challenge Questions for Routine Authentication
Password retrieval/reset: if you forget your password,
the website will ask a question and if answered
correctly, you'll get or reset the password.
Sign-in verification: some websites occasionally
display a security question during sign-in as a second
level of verification.
Types of Questions and Answers

Question Types
The two types of questions that are likely to be most familiar are fixed questions and open questions.
A fixed question provides a list of preset questions to a user, where the user's choice of question can be
taken only "as is" from this list.
An open question is one where a user has complete choice and control over the question; guidance as to the
question construction may be provided to the user, but the user enters the question in free-form text.

A controlled question lies between the extremes of a fixed question and an open question; it is a
question whose content is partially fixed, although modifiable by the user.
The fixed question might allow for additional text to be added, forming a modification of the original
question.
What is Name's middle name?

The fixed question might support a combination with an optional user-provided hint, where the hint
would be presented to the individual for authentication.
Answer Registration (example form)
What is a memorable date for you? [Date]
Hint: [Hint]
Answer Types

There are three answer types: fixed answers, controlled answers, and open answers.
A fixed answer set involves user selection of an answer from a preset list of answers.
At the other extreme, an open answer involves a user manually entering his response.
A controlled answer is one where the answer space is neither fixed nor open. Some ways in
which this might be achieved are:
Providing a fixed set of answers where the answer space is large enough so that most
potential answers are allowed.

The individual is able to enter an answer, but the format of the answer is controlled:
answers that do not conform are rejected. For example, an individual might be
asked to provide a memorable numeric value, so that alphabetic and punctuation
characters would not be permitted for inclusion in the answer text.
Best Practices for Choosing
Challenge Questions
Some simple rules when choosing the challenge questions your users
can pick from:
Choose questions that don't have a limited number of answers
Choose questions whose answers aren't likely to change over time
Choose questions that everyone can answer
Choose questions that can only be answered one way

Good security questions have four common characteristics. The
answer to a good security question:
cannot be easily guessed or researched (safe),
doesn't change over time (stable),
is memorable,
is definitive or simple.
Designing a Challenge Question
Authentication System
Determining the Number of Questions to Use
Determining the Types of Questions and Answers to
Use
Determining the appropriate question type
Determining the appropriate answer type
Examples

What are the last four digits of your social security
number?
What are the first five characters of your driver’s license
number?
What is your frequent flyer number?
What are the first five digits of your spouse’s social security
number?
What is your six character alphanumeric PIN value that you
choose to use for this question?
What is your cell phone's SIM card ID number? (careful,
this could change often for some users)
Issues

Security questions create a potential hole or breach in security by providing ways for
unauthorized users to gain access if the answer can be discovered.
Poor questions create security breaches and confusion, and cost money in support
calls.
Good security questions can be useful in the current environment, but are not
common.
A challenge question system may require an additional step to obtain the challenge
questions.
A challenge question system may choose not to obscure the display of the answers (as a
password field does, where each character is replaced with a "*" when displayed on the screen).
A challenge question system may use more than one question-answer pair.
A challenge question system may make use of an "out-of-band" authentication step.
http://www.goodsecurityquestions.com/examples.htm
Good
What was your childhood nickname?
In what city did you meet your spouse/significant other?
What is the name of your favorite childhood friend?
What street did you live on in third grade?
What is your oldest sibling’s birthday month and year? (e.g., January 1900)
What is the middle name of your oldest child?
What is your oldest sibling's middle name?
What school did you attend for sixth grade?
What was your childhood phone number including area code? (e.g., 000-000-0000)
What is your oldest cousin's first and last name?
What was the name of your first stuffed animal?
In what city or town did your mother and father meet?
Where were you when you had your first kiss?
What is the first name of the boy or girl that you first kissed?
What was the last name of your third grade teacher?
In what city does your nearest sibling live?
What is your oldest brother’s birthday month and year? (e.g., January 1900)
What is your maternal grandmother's maiden name?
In what city or town was your first job?
What is the name of the place your wedding reception was held?
What is the name of a college you applied to but didn't attend?
Where were you when you first heard about 9/11?
http://www.goodsecurityquestions.com/examples.htm
Fair
What was the name of your elementary / primary school?
What is the name of the company of your first job?
What was your favorite place to visit as a child?
What is your spouse's mother's maiden name?
What is the country of your ultimate dream vacation?
What is the name of your favorite childhood teacher?
To what city did you go on your honeymoon?
What time of the day were you born?
What was your dream job as a child?
What is the street number of the house you grew up in?
What is the license plate (registration) of your dad's first car?
Who was your childhood hero?
What was the first concert you attended?
What are the last 5 digits of your credit card?
What are the last 5 of your Social Security number?
What is your current car registration number?
What are the last 5 digits of your driver's license number?
What month and day is your anniversary? (e.g., January 2)
What is your grandmother's first name?
What is your mother's middle name?
What is the last name of your favorite high school teacher?
What was the make and model of your first car?
Where did you vacation last year?
What is the name of your grandmother's dog?
What is the name, breed, and color of current pet?
What is your preferred musical genre?
In what city and country do you want to retire?
What is the name of the first undergraduate college you attended?
What was your high school mascot?
What year did you graduate from High School?
What is the name of the first school you attended?
http://www.goodsecurityquestions.com/examples.htm
Poor
What was your favorite sport in high school?
What is the name of the High School you graduated from?
What is your pet's name?
In what year was your father born?
In what year was your mother born?
What is your mother’s (father's) first name?
What is your mother's maiden name?
What was the color of your first car?
What is your father's middle name?
In what county were you born?
How many bones have you broken?
What is the first and last name of your favorite college professor?
On which wrist do you wear your watch?
What is the color of your eyes?
What is the title and artist of your favorite song?
What is the title and author of your favorite book?
What is the name, breed, and color of your favorite pet?
What is your favorite animal?
What was the last name of your favorite teacher?
What is your favorite team?
What is your favorite movie?
What is your favorite teacher's nickname?
What is your favorite TV program?
What is your least favorite nickname?
What is your favorite sport?
What is the name of your hometown?
What is the color of your father’s eyes?
What is the color of your mother’s eyes?
What was the name of your first pet?
What sports team do you love to see lose?
In what city were you born?
What is the city, state/province, and year of your birth?
What is the name of your hometown newspaper?
What is your favorite color?
What was your hair color as a child?
What is your work address?
What is the street name your work or office is located on?
What is your address, phone number?
Challenge Question System

Privacy Criteria
Designers should be particularly cautious about using questions
that ask for personal information.

Security Criteria
Security criteria relate directly to the confidentiality of the challenge
question answers.
Guessing difficulty
Answers should be difficult to guess and have an answer
space with a fairly uniform distribution.

Observation difficulty
The answers to challenge questions should be difficult for an
attacker to retrieve or observe easily.
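The guessing-difficulty criterion above (answers hard to guess, with a fairly uniform answer space) can be measured rather than judged by eye, which is also what separates the Good, Fair and Poor lists earlier in the deck. The following is an added example, not code from the slides; the answer-frequency tables are constructed toy data and the good/fair/poor thresholds are assumptions.

```python
"""Guessing-difficulty scoring for candidate challenge questions.

Added example, not code from the Allidm slides. It scores a question by
the distribution of answers a user population gives it: a small or
skewed answer space (many users share the same answer) is easy to
guess, a large, near-uniform one is not. The answer frequency tables
are constructed toy data, and the 'good'/'fair'/'poor' thresholds are
assumptions for illustration.
"""
import math
from collections import Counter

# Constructed sample populations per question. In practice such counts
# would come from aggregate registration statistics, never from the
# stored answers of individual users.
SAMPLE_ANSWER_COUNTS = {
    # skewed, tiny answer space (listed as Poor in the deck)
    "What is your favorite color?": Counter(
        {"blue": 420, "green": 180, "red": 150, "purple": 110,
         "black": 80, "yellow": 40, "orange": 20}),
    # bell-shaped spread over 30 years (listed as Fair in the deck)
    "What year did you graduate from High School?": Counter(
        {str(1980 + i): 20 + 4 * min(i, 29 - i) for i in range(30)}),
    # large, flat answer space (listed as Good in the deck)
    "What street did you live on in third grade?": Counter(
        {f"street{i}": 1 for i in range(1000)}),
}


def shannon_entropy_bits(counts):
    """Average uncertainty of the answer distribution, in bits."""
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total)
                for c in counts.values() if c)


def min_entropy_bits(counts):
    """-log2 of the most common answer's probability: the figure that
    matters against a guesser who tries the most popular answer first."""
    total = sum(counts.values())
    return -math.log2(max(counts.values()) / total)


def guess_success_rate(counts, attempts):
    """Fraction of the population compromised by guessing the `attempts`
    most common answers (e.g. the guesses allowed before lockout)."""
    total = sum(counts.values())
    top = sorted(counts.values(), reverse=True)[:attempts]
    return sum(top) / total


def rate_question(counts, attempts=3, min_bits=8.0, max_rate=0.05):
    """Classify a question as 'good', 'fair' or 'poor' from its min-entropy
    and the success rate of an attacker limited to `attempts` guesses.
    The thresholds are illustrative assumptions, not from the deck."""
    h_min = min_entropy_bits(counts)
    rate = guess_success_rate(counts, attempts)
    if h_min >= min_bits and rate <= max_rate:
        return "good"
    if h_min >= min_bits / 2 and rate <= max_rate * 4:
        return "fair"
    return "poor"


if __name__ == "__main__":
    for question, counts in SAMPLE_ANSWER_COUNTS.items():
        print(f"{question}\n  H={shannon_entropy_bits(counts):.2f} bits, "
              f"Hmin={min_entropy_bits(counts):.2f} bits, "
              f"3-guess success={guess_success_rate(counts, 3):.1%} "
              f"-> {rate_question(counts)}")
```

Min-entropy, not average entropy, is the number to watch: a question can have a respectable average while its single most popular answer still opens a large share of accounts within a handful of guesses.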
Usability Criteria
The usability of a challenge question system is concerned with providing a
user-friendly experience at the stages of both answer registration and
subsequent answer presentation.
Applicability
The applicability criterion attempts to characterize the size of the target population
for which a question might be applicable.

Memorability
An answer is memorable as long as the user is able to recall the answer. This
generally implies that the answer would be personally significant. Information that is
used frequently will be more memorable, indicating that answers reflecting the
habits, activities, or practices of users provide suitable answers.

Repeatability
There are at least two aspects of answer repeatability to consider. First, answers
should have few syntactic representations. For
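The controlled answer type from the Answer Types slide (a numeric answer whose format is enforced and non-conforming input rejected), the multiple question-answer pairs from the Issues slide, and the repeatability criterion just above (an answer should have few syntactic representations) fit together in one registration and verification module. The following is an added example, not code from the slides or any IAM product; the question ids, the numeric/text formats, and storing answers as salted PBKDF2 hashes are assumptions made here.

```python
"""Challenge-question registration and verification.

Added example, not code from the Allidm slides or any IAM product. It
shows three points from the deck together: a controlled answer type
whose format is enforced at registration (digits only), a normalisation
step so each answer has few syntactic representations (repeatability),
and verification over more than one question-answer pair. Storing the
answers as salted PBKDF2 hashes is an assumed design choice, made
because the deck treats the answers as confidential.
"""
import hashlib
import hmac
import os
import re
import unicodedata

PBKDF2_ITERATIONS = 100_000  # assumed work factor

# Question catalogue (ids are assumed): question text plus the answer
# format the system enforces. "numeric" is a controlled answer, "text"
# an open answer.
QUESTIONS = {
    "childhood_phone": ("What was your childhood phone number including area code?", "numeric"),
    "third_grade_street": ("What street did you live on in third grade?", "text"),
    "first_stuffed_animal": ("What was the name of your first stuffed animal?", "text"),
}


def normalize_answer(answer, fmt):
    """Collapse the variants a user may type into one canonical form.
    numeric: digits only; separators such as spaces, dashes and brackets
    are dropped, anything else is rejected, so "(555) 123-4567" and
    "5551234567" agree.
    text: Unicode NFKC, case-folded, punctuation removed, whitespace
    collapsed, so "Mr. Bear" and "mr bear" agree.
    Raises ValueError when the answer does not conform to the format."""
    if fmt == "numeric":
        digits = re.sub(r"\D", "", answer)
        if not digits or digits != re.sub(r"[\s().+-]", "", answer):
            raise ValueError("answer must contain digits only")
        return digits
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", "", text)
    text = re.sub(r"\s+", " ", text).strip()
    if len(text) < 2:
        raise ValueError("answer too short to be definitive")
    return text


def conforms(answer, fmt):
    """True when the answer passes the format rules for `fmt`."""
    try:
        normalize_answer(answer, fmt)
        return True
    except ValueError:
        return False


def _hash_answer(canonical, salt):
    return hashlib.pbkdf2_hmac("sha256", canonical.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def register(answers):
    """Register {question_id: raw_answer}; returns the records to store.
    Only a per-answer salt and hash are kept, never the raw answer."""
    records = {}
    for qid, raw in answers.items():
        _, fmt = QUESTIONS[qid]
        canonical = normalize_answer(raw, fmt)  # rejects non-conforming input
        salt = os.urandom(16)
        records[qid] = {"salt": salt, "hash": _hash_answer(canonical, salt)}
    return records


def verify(records, responses, required=None):
    """Check responses against stored records. Every question in `required`
    (default: all registered questions) must be answered correctly. Each
    answer is compared in constant time and the loop never exits early, so
    timing does not reveal which of several answers was wrong."""
    ok = True
    for qid in list(required or records):
        rec = records.get(qid)
        _, fmt = QUESTIONS[qid]
        try:
            canonical = normalize_answer(responses.get(qid, ""), fmt)
        except ValueError:
            canonical = ""  # non-conforming or missing response can never match
        if rec is None:
            ok = False
            continue
        ok &= hmac.compare_digest(_hash_answer(canonical, rec["salt"]), rec["hash"])
    return ok
```

Normalisation runs before hashing on both sides, so it is the normalisation rules, not the user's typing, that decide how many representations an answer has; changing those rules later invalidates stored hashes.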
Allidm Academy
http://academy.allidm.com

Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Discover Identity and Access Management Solutions in 40 Characters

  • 1. Allidm.com: Discovering Identity and Access Management Solutions. Challenge Questions: Introduction. http://academy.allidm.com
  • 2. Stay connected to Allidm. Find us on Facebook: http://www.facebook.com/allidm. Follow us on Twitter: http://twitter.com/aidy_idm. Look for us on LinkedIn: http://www.linkedin.com/allidm. Visit our blog: http://www.allidm.com/blog
  • 3. Disclaimer and Acknowledgments. The contents here are created as my own personal endeavor and thus do not reflect any official stance of any Identity and Access Management vendor on any particular technology.
  • 4. Contact Us. In this presentation we'll talk about some useful topics that you can use no matter which identity and access management solution or product you are working on. If you know one that makes a big difference, please tell us so we can include it in the future: aidy.allidm@gmail.com
  • 5. What's a Challenge Question? Challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated. Challenge questions (also called security questions) are the knowledge-based form of this: they are used to let you recover your password and to let Customer Service confirm your identity when you call. It is critical that you keep your challenge questions and answers up to date.
  • 6. Benefits. Security questions reduce support costs by letting users recover or reset their password themselves rather than contacting support. Security questions are safer than a support agent trying to verify a caller's identity over the phone by other means. Sign-in verification with a security question can add a layer of security over the routine user name/password check.
  • 7. When is it used? Challenge questions are used for credential recovery and, less commonly, for routine authentication.
    Password retrieval/reset: if you forget your password, the website asks a question and, if it is answered correctly, you can retrieve or reset the password.
    Sign-in verification: some websites occasionally display a security question during sign-in as a second level of verification.
  • 8. Types of Questions and Answers. Question types: the two types of questions that are likely to be most familiar are fixed questions and open questions.
    A fixed question provides a list of preset questions to a user, where the user's choice of question can be taken only "as is" from this list.
    An open question gives the user complete choice and control over the question; guidance on question construction may be provided, but the user enters the question in free-form text.
    A controlled question lies between the extremes of a fixed question and an open question: its content is partially fixed but modifiable by the user. The fixed question might allow additional text to be added, forming a modification of the original question, e.g. "What is <Name>'s middle name?" The fixed question might also support an optional user-provided hint that is presented to the individual at authentication time.
    [Answer registration form shown on the slide: "What is a memorable date for you?" with a Date field and a Hint field.]
  • 9. Answer Types: fixed answers, controlled answers, and open answers.
    A fixed answer set involves user selection of an answer from a preset list of answers.
    At the other extreme, an open answer involves the user manually entering his or her response.
    A controlled answer is one where the answer space is neither fixed nor open. Some ways in which this might be achieved are:
    Providing a fixed set of answers where the answer space is large enough that most potential answers are allowed.
    Letting the individual enter an answer while controlling its format, so that answers that do not conform are rejected. For example, an individual might be asked to provide a memorable numeric value, so alphabetic and punctuation characters would not be permitted in the answer text.
  • 10. Best Practices for Choosing Challenge Questions. Some simple rules when choosing the challenge questions you offer to your users:
    Choose questions that don't have a small number of possible answers.
    Choose questions whose answers aren't likely to change over time.
    Choose questions that everyone can answer.
    Choose questions that can only be answered one way.
    Good security questions have four common characteristics. The answer to a good security question cannot be easily guessed or researched (safe), doesn't change over time (stable), is memorable, and is definitive or simple.
  • 11. Designing a Challenge Question Authentication System:
    Determining the number of questions to use.
    Determining the types of questions and answers to use:
    Determining the appropriate question type.
    Determining the appropriate answer type.
  • 12. Examples (identifier-based questions):
    What are the last four digits of your social security number?
    What are the first five characters of your driver's license number?
    What is your frequent flyer number?
    What are the first five digits of your spouse's social security number?
    What is the six-character alphanumeric PIN value that you chose to use for this question?
    What is your cell phone's SIM card ID number? (careful, this could change often for some users)
    Note that most of these ask for personal identifiers that other organizations also hold, which is exactly what the privacy and observation-difficulty criteria on slide 17 warn about; slide 15 rates the last digits of a Social Security number only "fair".
  • 13. Issues.
    Security questions create a potential hole in security by providing a way for unauthorized users to gain access if the answer can be discovered.
    Poor questions create security breaches and confusion and cost money in support calls.
    Good security questions can be useful in the current environment, but they are not common.
    A challenge question system may require an additional step before the challenge questions are presented.
    A challenge question system may choose not to mask the answers on screen (as is done for passwords, where each character is replaced with "*" when displayed).
    A challenge question system may use more than one question-answer pair.
    A challenge question system may make use of an "out-of-band" authentication step.
  • 14. Good questions (source: http://www.goodsecurityquestions.com/examples.htm)
    What was your childhood nickname?
    In what city did you meet your spouse/significant other?
    What is the name of your favorite childhood friend?
    What street did you live on in third grade?
    What is your oldest sibling's birthday month and year? (e.g., January 1900)
    What is the middle name of your oldest child?
    What is your oldest sibling's middle name?
    What school did you attend for sixth grade?
    What was your childhood phone number including area code? (e.g., 000-000-0000)
    What is your oldest cousin's first and last name?
    What was the name of your first stuffed animal?
    In what city or town did your mother and father meet?
    Where were you when you had your first kiss?
    What is the first name of the boy or girl that you first kissed?
    What was the last name of your third grade teacher?
    In what city does your nearest sibling live?
    What is your oldest brother's birthday month and year? (e.g., January 1900)
    What is your maternal grandmother's maiden name?
    In what city or town was your first job?
    What is the name of the place your wedding reception was held?
    What is the name of a college you applied to but didn't attend?
    Where were you when you first heard about 9/11?
  • 15. Fair questions (source: http://www.goodsecurityquestions.com/examples.htm)
    What was the name of your elementary / primary school?
    What is the name of the company of your first job?
    What was your favorite place to visit as a child?
    What is your spouse's mother's maiden name?
    What is the country of your ultimate dream vacation?
    What is the name of your favorite childhood teacher?
    To what city did you go on your honeymoon?
    What time of the day were you born?
    What was your dream job as a child?
    What is the street number of the house you grew up in?
    What is the license plate (registration) of your dad's first car?
    Who was your childhood hero?
    What was the first concert you attended?
    What are the last 5 digits of your credit card?
    What are the last 5 of your Social Security number?
    What is your current car registration number?
    What are the last 5 digits of your driver's license number?
    What month and day is your anniversary? (e.g., January 2)
    What is your grandmother's first name?
    What is your mother's middle name?
    What is the last name of your favorite high school teacher?
    What was the make and model of your first car?
    Where did you vacation last year?
    What is the name of your grandmother's dog?
    What is the name, breed, and color of your current pet?
    What is your preferred musical genre?
    In what city and country do you want to retire?
    What is the name of the first undergraduate college you attended?
    What was your high school mascot?
    What year did you graduate from high school?
    What is the name of the first school you attended?
  • 16. Poor questions (source: http://www.goodsecurityquestions.com/examples.htm)
    What was your favorite sport in high school?
    What is the name of the high school you graduated from?
    What is your pet's name?
    In what year was your father born?
    In what year was your mother born?
    What is your mother's (father's) first name?
    What is your mother's maiden name?
    What was the color of your first car?
    What is your father's middle name?
    In what county were you born?
    How many bones have you broken?
    What is the first and last name of your favorite college professor?
    On which wrist do you wear your watch?
    What is the color of your eyes?
    What is the title and artist of your favorite song?
    What is the title and author of your favorite book?
    What is the name, breed, and color of your favorite pet?
    What is your favorite animal?
    What was the last name of your favorite teacher?
    What is your favorite team?
    What is your favorite movie?
    What is your favorite teacher's nickname?
    What is your favorite TV program?
    What is your least favorite nickname?
    What is your favorite sport?
    What is the name of your hometown?
    What is the color of your father's eyes?
    What is the color of your mother's eyes?
    What was the name of your first pet?
    What sports team do you love to see lose?
    In what city were you born?
    What is the city, state/province, and year of your birth?
    What is the name of your hometown newspaper?
    What is your favorite color?
    What was your hair color as a child?
    What is your work address?
    What is the street name your work or office is located on?
    What is your address and phone number?
  • 17. Challenge Question System Criteria.
    Privacy criteria: designers should be particularly cautious about using questions that ask for personal information.
    Security criteria relate directly to the confidentiality of the challenge question answers:
    Guessing difficulty: answers should be difficult to guess and should come from an answer space with a fairly uniform distribution, so that no small set of popular answers covers a large fraction of users.
    Observation difficulty: the answers to challenge questions should be difficult for an attacker to retrieve (by research or social engineering) or to observe.
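The guessing-difficulty criterion on slide 17 becomes measurable once you look at how answers to a question are actually distributed across users. The following is an added example (not code from the slides or from any product) that takes a sample of answers to one question and computes min-entropy, Shannon entropy, and the fraction of users an attacker defeats with a fixed number of guesses. Both answer samples are constructed for the example, and the threshold values in `acceptable()` are assumptions, not figures from the slides.

```python
"""Estimating the guessing difficulty of a challenge question.

Added example: from a sample of answers to one question, measure how skewed
the answer distribution is and how many accounts an attacker with a fixed
guess budget would defeat. All sample data below is constructed.
"""
import math
from collections import Counter
from typing import List, Sequence

# Constructed sample: 100 answers to "What is your favorite color?" (rated
# "poor" on slide 16), skewed toward a handful of popular answers.
COLOR_ANSWERS: List[str] = (
    ["blue"] * 30 + ["red"] * 15 + ["green"] * 12 + ["black"] * 10
    + ["purple"] * 8 + ["pink"] * 7 + ["yellow"] * 6 + ["orange"] * 5
    + ["white"] * 4 + ["brown"] * 3
)

# Constructed sample: 100 answers to "What was your childhood phone number?"
# (rated "good" on slide 14); every answer in the sample is distinct.
PHONE_ANSWERS: List[str] = [f"555-01{i:02d}" for i in range(100)]


def answer_probabilities(answers: Sequence[str]) -> List[float]:
    """Empirical answer distribution, most popular answer first."""
    counts = Counter(a.strip().casefold() for a in answers)
    total = sum(counts.values())
    return sorted((c / total for c in counts.values()), reverse=True)


def min_entropy_bits(probs: Sequence[float]) -> float:
    """Min-entropy: -log2 of the most popular answer's probability, i.e. the
    resistance against an attacker allowed a single guess. A sample of N
    distinct answers cannot show more than log2(N) bits, so for questions
    like phone numbers this is a floor on the real answer space."""
    return -math.log2(probs[0])


def shannon_entropy_bits(probs: Sequence[float]) -> float:
    """Shannon entropy, for comparison. It overstates resistance for skewed
    distributions, which is why min-entropy is the security-relevant figure."""
    return -sum(p * math.log2(p) for p in probs)


def success_rate(probs: Sequence[float], guesses: int) -> float:
    """Fraction of users defeated by trying the `guesses` most popular
    answers (the 'beta-success rate' of the password-guessing literature)."""
    return sum(probs[:guesses])


def guesses_to_compromise(probs: Sequence[float], fraction: float) -> int:
    """Smallest number of guesses that defeats at least `fraction` of users."""
    cumulative = 0.0
    for n, p in enumerate(probs, start=1):
        cumulative += p
        if cumulative + 1e-9 >= fraction:   # tolerance for float rounding
            return n
    return len(probs)


def acceptable(answers: Sequence[str], guesses: int = 3,
               max_rate: float = 0.05) -> bool:
    """Policy check (threshold values are assumptions): reject a question if
    the `guesses` most common answers would defeat more than `max_rate` of
    users. Rerun it on real registration data; a sample can only lower the
    estimate, never raise it."""
    return success_rate(answer_probabilities(answers), guesses) <= max_rate


if __name__ == "__main__":
    for label, sample in (("favorite color", COLOR_ANSWERS),
                          ("childhood phone", PHONE_ANSWERS)):
        p = answer_probabilities(sample)
        print(f"{label:16s} min-entropy={min_entropy_bits(p):.2f} bits "
              f"shannon={shannon_entropy_bits(p):.2f} bits "
              f"3-guess success={success_rate(p, 3):.0%} "
              f"guesses for 50%={guesses_to_compromise(p, 0.5)} "
              f"acceptable={acceptable(sample)}")
```

The point of the two entropy figures is the gap between them: Shannon entropy for the color sample is around 3 bits, which sounds tolerable, while min-entropy is under 2 bits and three guesses defeat more than half of the sample. That gap is what "fairly uniform distribution" on the slide is protecting against.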
  • 18. Usability Criteria. The usability of a challenge question system is concerned with providing a user-friendly experience at the stages of both answer registration and subsequent answer presentation.
    Applicability: the applicability criterion attempts to characterize the size of the target population for which a question is applicable.
    Memorability: an answer is memorable as long as the user is able to recall it. This generally implies that the answer is personally significant. Information that is used frequently is more memorable, so answers reflecting the habits, activities, or practices of users are suitable.
    Repeatability: there are at least two aspects of answer repeatability to consider. First, answers should have few syntactic representations. For
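Several of the criteria above only bite when they are enforced in the verifier: the controlled answer formats of slide 9, the "more than one question-answer pair" of slides 11 and 13, the observation-difficulty requirement of slide 17 (an attacker who reads the database must not get the answers), and the repeatability point of slide 18 (syntactic variants of the same answer must verify as the same answer). The following is an added example, not code from the slides or from any IAM product, that implements all four in one registration/verification flow. The format names, the k-of-n policy, the attempt limit, the PBKDF2 cost and the Latin-script-only normalization rule are assumptions chosen for the example.

```python
"""Registering and verifying challenge-question answers (added example).

Controlled answer formats (slide 9), normalization of syntactic variants
(slide 18), salted slow hashing so stored answers cannot simply be read
(slide 17), and k-of-n verification with an attempt limit (slides 11, 13).
"""
from __future__ import annotations

import hashlib
import hmac
import os
import re
import unicodedata
from dataclasses import dataclass
from typing import Dict, Iterable

# Controlled answer formats: anything that does not match the declared shape
# is rejected at registration, before it is hashed. Shapes are assumptions.
ANSWER_FORMATS: Dict[str, re.Pattern] = {
    "numeric": re.compile(r"^[0-9]{4,16}$"),            # a memorable number
    "text": re.compile(r"^.{2,64}$"),                   # short free text
    "date": re.compile(r"^[0-9]{4}-[0-9]{2}-[0-9]{2}$"),
}

# PBKDF2 cost, an assumption to tune per deployment. Answers carry far less
# entropy than passwords, so a slow hash matters more here, not less.
PBKDF2_ITERATIONS = 100_000


def normalize(answer: str) -> str:
    """Collapse case, accents, whitespace and punctuation so that "St. Mary's"
    and "st marys" verify as the same answer. Latin-script only (assumption);
    a real deployment needs a locale-aware rule."""
    decomposed = unicodedata.normalize("NFKD", answer)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]+", "", stripped.casefold())


@dataclass(frozen=True)
class StoredAnswer:
    question_id: str
    salt: bytes
    digest: bytes


def _digest(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


def register(question_id: str, fmt: str, answer: str) -> StoredAnswer:
    """Validate the raw answer against its format, then keep only a salted
    PBKDF2 digest; the plaintext answer is never persisted."""
    pattern = ANSWER_FORMATS.get(fmt)
    if pattern is None:
        raise ValueError(f"unknown answer format {fmt!r}")
    if not pattern.match(answer.strip()):
        raise ValueError(f"answer does not conform to format {fmt!r}")
    if not normalize(answer):
        raise ValueError("answer is empty after normalization")
    salt = os.urandom(16)
    return StoredAnswer(question_id, salt, _digest(answer, salt))


def check(stored: StoredAnswer, candidate: str) -> bool:
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(_digest(candidate, stored.salt), stored.digest)


@dataclass
class RecoveryPolicy:
    required_correct: int = 2   # k of n registered pairs must match (assumption)
    max_attempts: int = 3       # whole-set attempts before the session locks


class RecoverySession:
    """One credential-recovery session for one account."""

    def __init__(self, answers: Iterable[StoredAnswer], policy: RecoveryPolicy):
        self.answers: Dict[str, StoredAnswer] = {a.question_id: a for a in answers}
        self.policy = policy
        self.attempts = 0
        self.locked = False

    def verify(self, responses: Dict[str, str]) -> bool:
        """Evaluate one full set of responses. Every registered question is
        checked (a missing response counts as wrong) and only the aggregate
        result is returned, so the caller cannot learn which individual
        answers were right."""
        if self.locked:
            return False
        self.attempts += 1
        correct = sum(check(stored, responses.get(qid, ""))
                      for qid, stored in self.answers.items())
        passed = correct >= self.policy.required_correct
        if not passed and self.attempts >= self.policy.max_attempts:
            self.locked = True
        return passed
```

Two design points worth noting. The format check runs on the raw input while the hash runs on the normalized form, so "555-123-4567" typed at recovery time still matches a number registered as "5551234567". And `verify` always evaluates all registered pairs and returns one boolean: evaluating questions one at a time, or reporting which answer failed, would let an attacker attack each low-entropy answer independently.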
  • 19. Allidm.com Discovering Identity and Access Management Solutions Allidm Academy http://academy.allidm.com