You Shall Not Pass
Author(s):
Peter Burnett
Location
Room 6
Date
jan Tue 14
Start
14:40
Duration
0:30:0
End
15:10
https://lca2020.linux.org.au/schedule/presentation/121/
Description:
Moodle is an open source learning management system, popular with universities. As Moodle has aged, some aspects of its security have fallen well behind industry standards for security. This talk will discuss the measures that have been taken to bring it up to scratch, and the ways that this can be applied to any application.

The first priority in improving the security of the platform was targeting its password policy, which suffers from the older model of 'You must have at least 2 uppercase characters'. To address this, a new plugin was developed for the platform, which acts much more in line with current NIST guidelines, including checks for compromised passwords using the HaveIBeenPwned API, and a user's personal information. This talk will show the guidelines we worked against, and how it can be applied to any application's password flow.

The next challenge to tackle was the lack of ways to augment an authentication flow. There are a huge number of ways to authenticate to a Moodle, with support for all major SSO services; however, there is no potential to augment this process with additional tools such as MFA. To this end, work was done with Moodle HQ to implement a platform for this functionality on all pages that require higher security, such as changing and resetting a user's password. This talk will discuss what we learned along the way, and how to avoid common problems when implementing an MFA system such as security questions.

Finally, this talk will discuss the work that we are doing to implement MFA in a way that works alongside other authentication methods, such as SSO, with discussion on alternative factors, such as trusted IP networks.