How to use Tricipher's MyOneLogin.com to authenticate Web resources
Hello and welcome to WebInformant.TV. I’m David Strom, your host and reviewer. Today, we’ll look at Tricipher’s MyOneLogin.com, a new service that combines two-factor authentication with single sign-on for a variety of internal and web-based applications.
We’re looking at the main admin homepage from my company, and you can see a list of my applications and various management controls down the left-hand menu. Why do you need this service? We all have too many passwords to remember for various sign-ons, both to external websites and to our internal corporate applications such as the VPNs and email.
We can do one of several things: write down our passwords on a sheet and hopefully no one else will find it, try to use the same password on multiple sites, or use an authentication aggregation service that stores your credentials. Until now none of these methods was very secure, for reasons that are shown on this table.
MyOneLogin aggregates your login credentials, but unlike other existing services it works more securely. Once I set up my portal with my application, I just click on the icon, I get authenticated to the service and can start doing work, as you can see here. I can do this for all employees in my company and save tons of time in resetting forgotten passwords and save lots of money in not having to deploy other token-based solutions such as the SecurID token you see here.
Everything is stored securely online on Tricipher servers, and I can get access to my apps from wherever I am and with whatever PC I’m using. Setting up a new application in your portal is simple. You go to Add Applications, click on the icon of interest or use the search box to find the one you want, such as the Hertz website.
Now, you go back to View Applications, click on the edit text underneath the app and enter your credentials for that app. Once you confirm your choices, you click on the button and you are brought directly there. I mentioned earlier that MyOneLogin is better than its competitors. Let’s look at what happens when you use OpenID. While it’s admirable that an open source single sign-on solution exists, it’s not a good idea to use this service for protecting your identity.
Once a hacker gains your authentication credentials at any one OpenID site, they can log on anywhere else as you. Here’s how that can work: say a phisher sends you an email with a link to their phish MySpace page, as we see here. We click on the link and we think we’re logging in to the legitimate MySpace website, but we’re just sending our credentials to the hacker, as we see in this copy of the email.
Once the hacker has gained this information, they can log in as me on MySpace and proceed to use my OpenID URL to gain access to whatever other site supports it, such as Yahoo Mail. How does MyOneLogin avoid this issue?
Simple: they use two-factor authentication, something that everyone has, like a set of knowledge questions and answers or their cell phone. Say someone has figured out your username and password and is trying to connect to the MyOneLogin portal from their PC. They get the following screen, and depending on how you set up your MyOneLogin user with the preferences that are shown here, you’ll get a set of questions to answer that only you know the answers to, or MyOneLogin will call your cell phone with the one-time password that you’re asked to enter, and hopefully the thief won’t also have your phone.
In the preferences screen shown, there are other controls that allow you to automatically log out users after a specified time interval, allow users to export their credentials from all of their apps, and even customize the Get Support link at the bottom of each screen.
One of the things I like about the product: there are several hundred preset applications to make it easy to create a pretty robust portal quickly, and the way you can bulk upload user data via CSV is also nice. You can upload a graphic image to brand your portal, as I did at the top of the screen here.
I also like that you can mix web and internal apps, such as here, where we’re logging into our SSL VPN without needing a password. This means that an enterprise doesn’t have to give out credentials for its supported applications, and when a user leaves the company they don’t take their apps with them.
For the things I didn’t like, I wish there were better support for Safari in addition to IE and Firefox. The reporting module is a bit less than robust and could use a bit more work. You go to Reports, Event Log Report and enter whatever filters to narrow your focus, and you can also print this information or export it to a CSV or XML file.
Thanks for watching WebInformant.TV. This is David Strom. Feel free to send me feedback via email at David@Strom.com.
Transcription by:
Scribe4you Transcription Services