Authentication is verifying that an individual is who they claim to be. Authentication is typically performed by presenting a username (ID) and at least one private item that only the individual should know, most commonly, a password. The major concern when using passwords to authenticate is password strength. A strong password policy can make it difficult for a malicious user to guess the password.
Webinar presented by Thales and Verasec on challenges and best practices for deploying and managing FIDO (phishing-resistant MFA).
This video is a quick introduction to the problems faced with common MFA systems.
CISA's guide for getting started with MFA in your business and personal life.
Protecting users and applications from brute force login attacks through strong password policies.
This article highlights MFA and the necessity of implementing it for all privileged account access and for users who access network resources.
This guide aims to aid existing and new Duo customers in securing their MFA rollout at their respective organizations.
Learn what to look for when assessing and comparing two-factor authentication solutions.
Duo's wide variety of authentication methods make it easy for every user to securely and quickly log in.
This example procedure from the EPA describes how the agency is to implement security control requirements for the NIST SP 800-53 Identification and Authentication (IA) control family.
Gartner's user authentication product reviews and ratings.
This article from Infosecurity Magazine describes the importance of securing inactive user accounts.
This article describes how to set an account lockout policy.
Guide to enabling multi-factor authentication for Active Directory Federation Services (AD FS) in Windows Server. Also provides guides for the use of common third-party authentication methods (e.g., Duo, Akamai, RSA).
This article describes mechanisms to limit unsuccessful logon attempts and why it is important.
Guide for enforcing MFA for Microsoft 365.
This webpage discusses how to regularly check for and remove inactive user accounts in Microsoft Active Directory.
Best practices for implementing account lockout policies, and an overview of Active Directory account lockout policy.
This NIST Special Publication provides technical requirements for federal agencies implementing digital identity services.
This cheat sheet from OWASP provides general authentication guidelines.
OpenOTP is a phishing-resistant MFA solution.
This documentation from Red Hat provides administrators with step-by-step instructions for configuring a lockout policy based on inactivity.
Secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution.
This SANS guideline provides best practices for creating secure passwords.
This is a sample password protection policy from SANS.
This SANS whitepaper generalizes several authentication methods and authentication protocols.
This SANS whitepaper looks at the use of biometrics technology to determine how secure it might be in authenticating users.
This SANS whitepaper discusses implementing an additional security layer for wired networks.
This SANS whitepaper focuses on enterprise solutions for two-factor authentication.
More on two-factor authentication and its ineffectiveness as a defense against identity theft.
This Security Requirements Guide (SRG) is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the NIST 800-53 and related documents.
This whitepaper is directed at IT, Security, and Compliance workers who are responsible for recommending or evaluating security products, or running and managing two-factor authentication infrastructure.
How to reduce the risk of a password dictionary attack through an account lockout policy.
This example policy describes how information resources shall obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Gemalto's identity and access management (IAM) solutions allow organizations to meet the evolving needs around cloud applications and mobile devices.
This YouTube video discusses identification and authentication issues in the context of computer security.
YubiKey is a phishing-resistant MFA that stops modern cyber-attacks.
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3.
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.