AALL Spectrum

AALL Spectrum / November/December 2019 / Volume 24, No. 2

AALL Spectrum / Published by American Association of Law Libraries

Issue link: http://epubs.aallnet.org/i/1178310


provide password management modules. These modules have features that collect credentials, auto-populate login information, and provide reports and login analysis. All of these products are great tools that help organizations with password management, but they don't address security issues related to user behavior. Here are the top three examples of user behavior issues we consistently encounter at Blank Rome.

- Users don't log in to an online research platform for a specific duration and must reset their password.
- Users attempt to log in with the wrong credentials too many times and have their accounts locked.
- Users forget the answers to their security questions and have their accounts locked.

Security Is a Serious Concern When Dealing with Password Issues

In the data breaches that have occurred at eBay (145 million users), Adobe (36 million users), and JP Morgan Chase (76 million users), passwords were frequently the target. Law firms and corporations across the nation consistently deal with the risk of phishing. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to entice individuals to reveal personal information, such as passwords.

Concerns about the reliability of usernames and passwords are not a new development. The topic was discussed back in a 1994 Washington Post article titled "The Secret Password is ... Obsolete" by John Burgess. Burgess opened the article with the statement: "Since the dawn of the electronic age, the computer password has been a trusted guardian of secrets large and small. For many people, obtaining their own password became a rite of initiation into computer culture itself. Now, growing numbers of security experts feel that the password in its common form is too old and unsophisticated for the job."

In the 25 years since this article was written, technology has developed better forms of authentication.
One such type is SAML SSO login authentication.

The Benefits of Single Sign-On (SSO) Authentication

Security Assertion Markup Language (SAML) is a language protocol for handling authentication and authorization in a network. In November 2002, the Organization for the Advancement of Structured Information Standards (OASIS) ratified SAML as the eXtensible Markup Language (XML) framework for exchanging authentication and authorization information among business partners, particularly through web services. SAML enables web-based security interoperability functions, such as single sign-on across sites that are hosted by multiple companies. Single sign-on (SSO) is an authentication process that allows a user to access various applications with one set of login credentials. SAML SSO works by transferring the user's identity from one place (the identity provider) to another (the service provider).

A dependable directory service is a critical prerequisite for SSO. There are two primary access protocols to be aware of: Active Directory Federation Services (ADFS) and Lightweight Directory Access Protocol (LDAP).

Microsoft developed ADFS to extend enterprise identity beyond the firewall. It provides single sign-on access to servers that are off-premises. ADFS is a type of Security Token Service (STS) that uses a claims-based access-control authorization model. This process involves authenticating users via cookies and SAML.

LDAP is a lightweight subset of the X.500 Directory Access Protocol and has been around since the early 1990s. It was developed by the University of Michigan as a software protocol to authenticate users on an active directory (AD) network, and it enables anyone to locate resources on the internet or on a corporate intranet. LDAP single sign-on also lets system admins set permissions to control access to the LDAP database. That way, you can remain confident that data stays private.
Whereas ADFS focuses on Windows environments, LDAP is more flexible. It can accommodate other types of computing, including Linux/Unix. LDAP is ideal for situations where you need to access data frequently but only add to or modify it now and then. LDAP works exceptionally well with passwords. It can deal with password expiration, password quality validation, and account lockout after a user has too many failed attempts. An LDAP agent also can authenticate users in real time. It compares the data presented to what's stored in the LDAP database instantly, so no sensitive user data needs to be stored in the cloud.

Implementing SSO Authentication at Blank Rome

Westlaw, Lexis Advance, and Bloomberg Law all support SAML SSO authentication.
