There's this.
Logon Process Update
April 1, 2022

With the recent spate of supply-chain cyberattacks, the U.S. National Institute of Standards and Technology (NIST) has issued new guidelines to secure computer system access. Previous recommendations included use of randomized, computer-generated passwords at least eight characters long. The new guidance includes an update to that previous dictum that includes randomized, computer-generated userids as well. Both userids and passwords must now be at least 20 characters long.

Similar to the features offered by LastPass and 1Password to manage passwords, a service is now available from Google: Google Logon. By default, this uses four-factor identification, described as "Something you know, something you do, something you have, something you are": a password, an action, a physical device, and a biometric.

The password will be the process users are familiar with, although the minimum length and generated aspect means many users will also choose to use LastPass, 1Password, or equivalent.

The action component will use a phone-based application that displays a randomly selected word, which the user must then write. Setup of this component will comprise writing several hundred words on a screen or tablet.

The physical component can utilize a physical token such as a YubiKey, SecurID, or mobile phone-based SMS or application authentication via OIDC.

Finally, the biometric component will be implemented using repurposed Theranos Edison analysis machines and nanotainer blood sampling techniques.

At the end-user's discretion, authentication can also just use a Facebook login.