Explore the evolution of security measures in Moodle, an open-source learning management system, in this conference talk from linux.conf.au 2020. Discover how outdated password policies were updated to align with NIST guidelines, including checks for compromised passwords and personal information. Learn about the implementation of multi-factor authentication (MFA) and its integration with various authentication methods, including single sign-on (SSO) services. Gain insights into the challenges faced and lessons learned during the security enhancement process, applicable to any application's authentication flow. Understand the importance of adapting security practices to meet modern standards and protect user data effectively.
Overview
Syllabus
Intro
What is it?
Some history
Efforts to increase security in pain points.
Password standards
Have I Been Pwned
Dictionary checks
Identifying information
Apply this anywhere
So that's what we did
A look at authentication flow
Moodle account authentication
Existing solutions
Interface layer
The patching process
MFA overview
MFA design considerations
Lessons we learned
Final thoughts
Taught by
linux.conf.au
Related Courses
-
One Does Not Simply Add MFA
-
You Shall Not Password - Modern Authentication for Web Apps
-
Common Observations from a Security Assessor
-
You Shall Not Password - Modern Authentication for Web Apps
-
You Shall Not Password - Modern Authentication for Web Apps
-
Pen Test War Stories - Why My Job Is So Easy and How You Can Make It Harder
