Hi As Ed points out Userids, Passwords and Passphrases are the easiest security credentials to bypass; by malware, sharing credentials, looking over ones shoulder or even the odd post-it note! And your users should definitely not be using the same password for all of your disparate systems, but how do you stop them when these system's security authenticaters are not linked up. I would recommend as much Multi-Factor Authentication (MFA) that you can get away with bearing in mind the admin, costs and end-user push back. This ideally should be at your front door, which is normally your PC environments. The push back comes when you then add MFA to all your systems, your PC environment, your Prod z/OS, your Q&A z/OS, etc. etc. The end users hate it! Especially if the MFA factors are different for each system as not all MFA factors are supported on all platforms. So this is potentially where single sign on helps. Logon to your PC environment using lots of MFA and then use these authenticated credentials to log on elsewhere including z/OS. If someone tries to bypass the MFA PC system then have MFA defending a direct hit to your other systems, but this will not get in the way of or upset your real authenticated users. It is possible and we run like that here at Macro 4 - you just need the right software :-) (sales pitch - sorry) And sadly as pointed out, if a hacker can get into your PC environment then they can probably already get into your z/OS systems - shutting the gate after the horse has bolted. You need to keep all of the gates firmly shut.
regards Keith ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
