Monday, August 15, 2011

Combining migration with implementation?

Many companies are apprehensive about implementing UMRA while they are in the middle of a migration to an Active Directory (AD) environment. This may be due to the misconception that the migration must be completed before UMRA will work properly, or to the concern that starting another project during the migration might overcomplicate it and delay the project deadline. The fact is that UMRA assists with migration both before and after the project and streamlines the process. Tools4ever's expertise in this area provides a valuable project management asset and speeds up the migration process.

There are two common migration scenarios. The first is domain consolidation, in which multiple AD domains are collapsed into a single domain. In this scenario UMRA is able to recreate the user account and, more often than not, retain the username in the new domain. Organizations also have the choice to implement new naming conventions. This occurs in circumstances where the migration results in several duplicate names. UMRA then creates a new username and alerts end users, via email, what their new username will be along with the date that name will become effective.

Not only is the user migration process streamlined, but so is the migration of those users' resources. This includes items like group memberships and home directory data. As users are migrated, UMRA retains their group memberships, and if one of the groups in question doesn’t reside in the new domain, UMRA creates it automatically. Home directory data can either be copied to a new server in the new domain or re-permissioned on the existing server with the SID of the newly migrated account.

UMRA also assists and eases the migration process by:

Eliminating Pollution: Most migration tools copy accounts 1:1, which includes erroneous and/or stale accounts. UMRA migrates users by reconciling them against an HR/SIS system so that pollution is not included. Activity reports showing which groups are not being used are generated so that unused objects are not migrated.

Filling Attributes: When migration takes place, some information may be missing, such as “title” or “Department”. UMRA automatically populates this information as needed.


To learn more about UMRA please visit our website.

Monday, August 8, 2011

What’s in a Password?

Find out how a recent study uncovered alarming news about the security risks in employee passwords

Would you believe it if I told you that fewer than 1% of the passwords in use today are truly random? Unfortunately, it’s true. A recent report* shows that less than 1% of passwords used today are random in nature. In fact, the report breaks down how some people derive their passwords; for example:
• 14% of passwords are derived from a person’s name (JohnSmith)
• 8% of passwords are derived from a place name – most likely the place where the person lives or was born (SeattleWA)
• 14% of passwords are purely numeric and in some situations are consecutive numbers (12345)
• 25% of passwords are random dictionary words (computer)
• Another 8% or so are made up of keyboard patterns, short phrases, words within the email address, and repeating words (asdf, myblackcat, @apple, redred – respectively)
• The remaining 31% could not be verified during the study

This information is alarming to network and security administrators in any field. While most system administrators set password complexity rules, not all do; and those that do may still find that employees use passwords that are easy to replicate. To help prevent network breaches, organizations should consider adding identity management solutions to protect themselves. There are several easy solutions an organization can implement to help reduce the risk of a password security breach.
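A check run when a password is set can flag the derivation patterns listed above, which length-and-character-class complexity rules alone do not catch. The sketch below is an added example, not part of the original post or of the cited study; the function names and the small word lists are constructed for illustration.

```python
import re

# Constructed sample lists; a real check would load much larger ones.
DICTIONARY = {"computer", "black", "cat", "my", "red", "apple"}
PLACES = {"seattle", "seattlewa"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _is_keyboard_run(pw, min_len=4):
    """True if pw is one contiguous run along a keyboard row, in either direction."""
    if len(pw) < min_len:
        return False
    return any(pw in row or pw in row[::-1] for row in KEYBOARD_ROWS)


def _splits_into_words(pw):
    """True if a non-empty pw can be segmented entirely into DICTIONARY words."""
    reachable = {0}  # offsets reachable by concatenating dictionary words
    for end in range(1, len(pw) + 1):
        if any(s in reachable and pw[s:end] in DICTIONARY for s in range(end)):
            reachable.add(end)
    return len(pw) > 0 and len(pw) in reachable


def classify(password, full_name="", email=""):
    """Return the first weak-pattern category the password matches, or None."""
    pw = password.lower()
    name_parts = [p for p in re.split(r"\W+", full_name.lower()) if len(p) >= 3]
    email_parts = [p for p in re.split(r"[^a-z0-9]+", email.lower()) if len(p) >= 3]
    if pw.isdigit():
        return "numeric"
    if _is_keyboard_run(pw):
        return "keyboard pattern"
    if any(p in pw for p in name_parts):
        return "person's name"
    if any(p in pw for p in email_parts):
        return "email word"
    if pw in PLACES:
        return "place name"
    half = len(pw) // 2
    if len(pw) % 2 == 0 and half >= 2 and pw[:half] == pw[half:]:
        return "repeating word"
    if pw in DICTIONARY:
        return "dictionary word"
    if _splits_into_words(pw):
        return "short phrase"
    return None
```

A password that returns a category would be rejected at set time with that category as the reason; `None` means none of these patterns matched, not that the password is strong.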

One solution I’d like to focus on is two-factor authentication. This practice secures the primary login using a pass-card or biometrics. Instead of entering a username and password, users log in by presenting a pass-card/biometric to a reader and entering a PIN code. Combining a pass-card/biometrics and a PIN code ensures strong authentication, because this two-factor authentication is based on something users own (the pass-card/biometrics) and something they know (the PIN code).


Tools4ever’s Enterprise Single Sign On Manager (E-SSOM) offers full integration with all common two-factor authentication readers, such as HID, Mifare, Biometrie, Gridtoken, proximity-based devices and RFID readers. E-SSOM offers native integration with the driver software of the (card) reader and links the pass-card ID to the user credentials (username/password) in Active Directory. No additional software is required to create this link. This feature guarantees a user-friendly and secure login for all users.

Stay tuned for my next blog post, where I will explain how implementing a self-service password reset option can also help ensure your employees are using secure and complex passwords.

*Source: The science of password selection by Troy Hunt