PingID Security Hardening: Your Guide to Achieving Five-Star MFA Security
Co-authored by Oren Sternheim, Product Security Engineer & Richard Cardona, Manager of Product Security
-- Forrester 2018 prediction
As a general guideline, here at Ping we recommend you use multi-factor authentication (MFA) for access to any moderate- to high-risk resource. Making certain that users are who they say they are is the security cornerstone in a digital world increasingly under attack from cyber-criminals.
To provide appropriate security while maintaining end user productivity, the type of MFA utilized and the user experience impact (UX burden) should be selected to match each distinct use case.
Ping is pleased to announce a new guide for security administrators to help achieve optimal security. The PingID Security Hardening Guide was designed to offer technical guidance on increasing the security of your PingID deployment configuration, while enabling you to optimize the end user experience.
The PingID Security Hardening Guide is a single point of reference for:
When it comes to choosing the best configuration options for your digital enterprise, clearly you have to consider many factors for each use case, such as type of end user (customer, employee, partner), security level required and more. While PingID offers several methods of authentication, some methods are considered more secure than others. One of my favorite parts of this guide is the table showing the relative strengths of different MFA options:
The document delves into recommendations and limitations for specific MFA authentication methods, including recommendations when disabling an authentication method.
PingID is configured as part of the PingOne Web Portal and provides a substantial number of options and considerations. Here are some of the highlights, along with our recommendations:
PingID also supports integration with PingFederate, and there are considerations for the LDAP PCV, the PingID Adapter and the RADIUS PCV when configuring PingID. The guide takes you through these in some detail.
In addition, you'll find information on Windows Login/SSH integration, the importance of keeping your PingID clients updated, and recommendations regarding the use of PingID as the primary method of web single sign-on (SSO) authentication.
To get a copy of the PingID Security Hardening Guide, Ping customers can access it here: https://ping.force.com/Support/PingIdentityArticle?id=kA31W000000XZiWSAW. And if you need help, please contact us at our Community/Support site.