Slide1
Chris Calderon – February 2016
Goodbye to Passwords
MIS 534 Information Security Management

Slide2
Contents
Problems with passwords
Security risks
Authentication methods
The future - FIDO
Questions/Comments
“Anyone who’s ever clicked on a ‘forgot your password?’ on a website or in an app – read: every single one of us – thinks there’s gotta be a better way. There is.” (CIO.com – Aug – 2015)

Slide3
Problems with passwords
Too many, too long
Users don’t remember them
Users lack faith in passwords
Infrastructure to manage passwords
“Only 30% of users are confident that their passwords will protect the security of their online accounts.” (Telesign Consumer Account Security Report – June 2015)
Telesign Consumer Account Security Report – June 2015; N = 2,020; US & UK

Slide4
Security Risks
Weak passwords, lack of policies
Using the same passwords on multiple accounts – Domino Effect
Frequency of password changes
Password sharing
Shoulder surfing
Password storage
“You don't need mad hacking skills to crack Password1, Hello123 and password – 86% of hackers surveyed at Black Hat said they weren't worried about being busted at any rate.” (NetworkWorld.com – Aug 2014)
NetworkWorld.com – Aug 2014; Top 10 Corporate Environment Passwords

Slide5
Authentication Methods
ID & password authentication
Biometric authentication devices & system
Enterprise single sign-on (SSO)
Public Key Infrastructure (PKI) and digital certificate
Security Token and smart card
2FA & Multi-factor authentication
Knowledge, possession, inherent, location and time.
“With the approach used by Google, Apple, and Microsoft, two-step verification combines the first two of these factors—something known only by the user, which is the account password, and something that only the user possesses, such as the smartphone or land line telephone.” (SecSign Technologies – Nov 2014)
SecSign Technologies – Nov 2014; 2FA: two factor authentication

Slide6
The future
Fast Identity Online (FIDO) Alliance
non-profit founded in July 2012 and publicly announced in February 2013
FIDO Members
Google, Samsung, Microsoft, Bank of America, Amex, MasterCard, Visa, etc.
FIDO Protocol Standards
“The FIDO method is more secure than current methods because no password or identifying information is sent out; instead, it is processed by software on the end user's device that calculates cryptographic strings to be sent to a login server.” (TechTarget.com – May 2014)

Slide7
Questions/Comments

Slide8
References:
http://www.cio.com/article/2960634/security/why-it-s-time-to-say-goodbye-to-passwords.html
http://lifehacker.com/5785420/the-only-secure-password-is-the-one-you-cant-remember
https://www.telesign.com/resources/research-and-reports/telesign-consumer-account-security-report/
https://www.telesign.com/wp-content/uploads/2015/06/TeleSign-Consumer-Account-Security-Report-2015-FINAL.pdf
http://bankinnovation.net/2015/10/saying-goodbye-to-passwords/
http://searchsecurity.techtarget.com/definition/single-factor-authentication-SFA
http://searchsecurity.techtarget.com/feature/The-fundamentals-of-MFA-The-business-case-for-multifactor-authentication
https://www.secsign.com/two-factor-authentication-vs-two-step-verification/
http://www.scmagazine.com/is-the-password-dead-not-just-yet/article/421648/
http://www.scmagazine.com/google-testing-password-free-logins/article/461472/
http://searchsecurity.techtarget.com/feature/Password-free-authentication-Figuring-out-FIDO
https://fidoalliance.org/
https://app.box.com/s/cde21pmtcqaygdqfr7o1
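
The FIDO slide describes a login in which the device computes cryptographic strings and no password is sent to the server. The sketch below is an added example, not part of the original presentation and not the FIDO wire format: the class names, the `origin|challenge` message layout, the user name and the origins are all assumptions made for illustration.

```javascript
// Added illustration of a FIDO-style login: simplified, not the FIDO wire format.
const nodeCrypto = require('node:crypto');

// Device side: one key pair per site; the private key never leaves this object.
class Authenticator {
  constructor() { this.keys = new Map(); }            // origin -> private key
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null;                            // unknown site: nothing to sign with
    return nodeCrypto.sign('sha256', Buffer.from(`${origin}|${challenge}`), key);
  }
}

// Server side: stores a public key per user, never a password or shared secret.
class LoginServer {
  constructor(origin) { this.origin = origin; this.pubKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.pubKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);                        // each challenge is single-use
    const pem = this.pubKeys.get(user);
    if (!challenge || !pem || !signature) return false;
    return nodeCrypto.verify('sha256', Buffer.from(`${this.origin}|${challenge}`), pem, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const server = new LoginServer('https://login.example');   // constructed origin
  server.enroll('alice', device.register(server.origin));
  const sig = device.sign(server.origin, server.newChallenge('alice'));
  const ok = server.verify('alice', sig);             // fresh signature: accepted
  const replay = server.verify('alice', sig);         // challenge already consumed
  server.newChallenge('alice');
  const stale = server.verify('alice', sig);          // old signature, new challenge
  const lookalike = device.sign('https://login.example.test', server.newChallenge('alice'));
  return { ok, replay, stale, lookalike: server.verify('alice', lookalike) };
}
```

The server's stored data contains only public keys, so a copy of it gives nothing that can be replayed at login, and a captured signature is useless once its challenge has been consumed.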