Authentifusion: Clarifying the Future of User Authentication
Download as PPTX, PDF0 likes725 views
The webinar discusses the evolution of user authentication, emphasizing the inadequacy of traditional passwords and introducing advanced authentication methods as a multilayered approach. It highlights the importance of device recognition and contextual risk assessment to create a passwordless future, alongside a three-step evaluation plan for organizations. The presentation underscores the growing concern regarding identity theft and the necessity for a frictionless user experience in authentication solutions.
Authentifusion: Clarifying the Future of User Authentication
- 1. WEBINAR AUTHENTIFUSION CLARIFYING THE FUTURE OF USER AUTHENTICATION MARCH 2016 MICHAEL THELANDER Product Marketing Manager, Authentication
- 2. 2 Understand Advanced Authentication as a multilayered approach Understand the critical relationship between Advanced Authentication and Risk Understand the role of device recognition in a “passwordless” future Provide a three-step plan to evaluate device-based authentication for your customers
- 3. 3
- 4. 4
- 5. 5 PASSWORDS HAVE BEEN WITH US A LONG TIME PA S S W O R D S I N R O M A N G A R R I S O N S 1 2 3 4 5 6 7 81 0 9
- 6. 6 PASSWORDS HAVE BEEN WITH US A LONG TIME PA S S W O R D S I N H A M L E T
- 7. 7 PASSWORDS HAVE BEEN WITH US A LONG TIME PA S S W O R D S I N D - D AY, 1 9 4 4
- 8. 8 The credential market is huge TARGE T70M SONY 10M EBAY 145M ADOBE 152M HOME DEPOT 56M 2014: 675 MILLION RECORDS EXPOSED IDENTITY THEFT RESOURCE CENTER
- 9. 9 2015 adds to 2014’s record OPM 22M ANTHEM 80M Experian / T-Mobile 15M 2015: 169 MILLION MORE RECORDS EXPOSED IDENTITY THEFT RESOURCE CENTER 11M PREMERA PATREON Unknown (15GB of passwords)
- 10. 10 2015 adds to the record exposures from 2014 FROM ONE SELLER * NOW 1.2 BILLION CREDENTIALS AVAILABLE ON BLACK MARKET *An active FBI investigation as reported by SC Magazine, November 2015
- 11. 11 Protected by only 6 passwords. 1 2 3 4 5 6 PASSWORDS ARE INCREASINGLY UNRELIABLE Consumers have an average of 24 online accounts. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 21GRBlue1421GRGreen1 4 21BlackGR1414PurpleGR2 1
- 12. 12 “In an era in which passwords are generally considered inadequate, at best, it’s easy to understand why many organizations are turning to advanced authentication” -PwC’s Global State of Information Security 2016
- 13. 13 “ADVANCED” ACCORDING TO PwC U S E A N Y O F F O U R M E T H O D S … W I T H O N E I M P O R TA N T A D D I T I O N Devices & Hardware PC fingerprint based on JS Phones & devices with SDKs Bluetooth & NFC Consumer IoT Contextual data (geo, IP, etc.) Operating System Hash of fonts IP Address Flash execution Browser version Plugin inventory Language Flash 4-part vers. Screen Resolution Hundreds of attributes
- 14. 14 “ADVANCED” ACCORDING TO PwC U S E A N Y O F F O U R M E T H O D S … W I T H O N E I M P O R TA N T A D D I T I O N Devices & Hardware PC fingerprint based on JS Phones & devices with SDKs Bluetooth & NFC Consumer IoT Contextual data (geo, IP, etc.) One-Time Passwords Valid for a session SMS Text Push Mobile token Mobile “in-app” Proprietary token Smart cards
- 15. 15 “ADVANCED” ACCORDING TO PwC U S E A N Y O F F O U R M E T H O D S … W I T H O N E I M P O R TA N T A D D I T I O N Devices & Hardware PC fingerprint based on JS Phones & devices with SDKs Bluetooth & NFC Consumer IoT Contextual data (geo, IP, etc.) One-Time Passwords Valid for a session SMS Text Push Mobile token Mobile “in-app” Proprietary token Smart cards Biometric / Behavior Fingerprint scans Retinal, facial scans Voice analysis Brain/heart signals Behavior patterns
- 16. 16 “ADVANCED” ACCORDING TO PwC U S E A N Y O F F O U R M E T H O D S … W I T H O N E I M P O R TA N T A D D I T I O N Devices & Hardware PC fingerprint based on JS Phones & devices with SDKs Bluetooth & NFC Consumer IoT Contextual data (geo, IP, etc.) One-Time Passwords Valid for a session SMS Text Push Mobile token Mobile “in-app” Proprietary token Smart cards Biometric / Behavior Fingerprint scans Retinal, facial scans Voice analysis Brain/heart signals Behavior patterns Knowledge Secret questions Captcha Passwords Pattern Matching Local knowledge Web pictographic
- 17. 17 “ADVANCED” ACCORDING TO PwC U S E A N Y O F F O U R M E T H O D S … W I T H O N E I M P O R TA N T A D D I T I O N Context User’s goal & request Data sensitivity Geo location Risk-Aware IP Address (real and implied) Device reputation Privileged access Vector (TOR browsers, anonymizers)
- 18. 18 “ADVANCED” ACCORDING TO PwC U S E A N Y O F F O U R M E T H O D S … . W I T H O N E I M P O R TA N T A D D I T I O N Devices & Hardware PC fingerprint based on JS Phones & devices with SDKs Bluetooth & NFC Consumer IoT Contextual data (geo, IP, etc.) One-Time Passwords Valid for a session SMS Text Push Mobile token Mobile “in-app” Proprietary token Smart cards Biometric / Behavior Fingerprint scans Retinal, facial scans Voice analysis Brain/heart signals Behavior patterns Knowledge Secret questions Captcha User details Pattern Matching Local knowledge Web pictographic User’s goal & request Data sensitivity Geo location IP Address (real and implied) Risk-Aware Device reputation Privileged access Language Patterns of usage
- 19. 19 “Consumers will adopt solutions that ease the burden of remembering passwords or carrying tokens. Authentication must be frictionless and easy to use.” Suzanne Hall, Managing Director, from PwC’s Global State of Information Security 2016
- 20. 20 1 Use device recognition to augment passwords and reduce friction Device-based authentication with context-aware risk assessment becomes the norm 3 Limit the use of passwords to high-risk transactions and requests only 2 iovation’s milestones on the road to passwordless IMPROVEMENT AVOIDANCE REPLACEMEN T
- 21. 21 Something you KNOW Something you HAVE Something you ARE ADVANCED AUTHENTICATION REQUIRES 2 FACTORS W H Y “ D E V I C E I D ” I S T H E F O U N D AT I O N O F A PA S S W O R D L E S S F U T U R E
- 22. 22 ADVANCE AUTHENTICATION INCLUDES RISK CONTEXT W H E R E D O W E E X P E R I E N C E T H E G R E AT E S T R I S K ? WEBSITE
- 23. 23 RISK IN CONTEXT W I T H D I F F E R E N T A U T H E N T I C AT I O N M E T H O D S
- 24. 24 DEVICE AUTHENTICATION WORKFLOW DEVICE ID GEO LOCATION DEVICE INTEGRITY ADDITIONAL DEVICE CONTEXT ASSOCIATIONS & REPUTATION USER ACCESS
- 25. 25 DEVICE AUTHENTICATION WORKFLOW DEVICE ID GEO LOCATION DEVICE INTEGRITY ADDITIONAL DEVICE CONTEXT ASSOCIATIONS & REPUTATION USER ACCESS +10 SCORE LOW RISK = Frictionless Consumer Experience SHOPPING RESOURCES NEWS +10 SCORE
- 26. 26 DEVICE AUTHENTICATION WORKFLOW DEVICE ID GEO LOCATION DEVICE INTEGRITY ADDITIONAL DEVICE CONTEXT ASSOCIATIONS & REPUTATION USER ACCESS 0 SCORE MEDIUM RISK= Moderate Friction USERNAME & PASSWORD
- 27. 27 DEVICE AUTHENTICATION WORKFLOW DEVICE ID GEO LOCATION DEVICE INTEGRITY ADDITIONAL DEVICE CONTEXT ASSOCIATIONS & REPUTATION USER ACCESS -10 SCORE HIGH RISK= Step-Up Authentication FRAUD TEAM
- 28. 28 DEVICE AUTHENTICATION WORKFLOW DEVICE ID GEO LOCATION DEVICE INTEGRITY ADDITIONAL DEVICE CONTEXT ASSOCIATIONS & REPUTATION USER ACCESS +10 SCORE 0 SCORE -10 SCORE LOW RISK = Frictionless Consumer Experience MEDIUM RISK= Moderate Friction HIGH RISK= Step-Up Authentication CREDENTIAL INPUT CREDENTIAL INPUT SHOPPING RESOURCES NEWS USERNAME & PASSWORD CREDENTIAL INPUT
- 29. 29 DEVICE CHANGE TOLERANCE W H AT A B O U T N AT U R A L D AY- T O - D AY C H A N G E S ? FONTSBROWSERLOCATION EXPECTED NOT EXPECTED UPDATED BROWSER -12BROWSER REGRESSION +1LIMITED TRAVEL MULTIPLE TIME ZONES IN 1 HOUR Aa
- 30. 30 PRECISE MATCH FUZZY MATCH ELASTIC DEVICE MATCHING Device Type: MACBOOK PRO Device Type: MACBOOK PRO MINIMUM THRESHOLD MAXIMUM THRESHOLD Operating System OS X Yosemite IP Address 22.231.113.64 Browser Safari 8.0.2 Language English Screen Resolution 2880 x 1800 Operating System OS X Yosemite or later IP Address Similar Location Browser Safari 8.0.2 or later Language English Screen Resolution 2880 x 1800
- 31. 31 HISTORICAL REPUTATION SECURITY RISK INDICATORS LINKS AND ASSOCIATIONS ANOMALOUS BEHAVIOR AUTHORIZED FOR ACCOUNT
- 32. 32
- 33. 33 HISTORICAL REPUTATION SECURITY RISK INDICATORS LINKS AND ASSOCIATIONS ANOMALOUS BEHAVIOR AUTHORIZED FOR ACCOUNT
- 34. 34
- 35. 35 1. For brand managers, product owners, or web experience managers, understand where the greatest risk is in your site 2. Understand what benefits would be realized if your customers experienced less friction 3. Assess the impact of a device-based alternative to your current methods of authentication A Three-step Plan to evaluate iovation’s Customer Authentication for your sites
- 36. 36 iovation’s Customer Authentication service wins “Best Multi-factor Authentication Solution” in Cyber Defense Magazine’s 2016 Editor’s Choice Awards
- 37. CONTACT US www.iovation.com twitter.com/iovation Product Marketing Manager, Authentication Michael Thelander michael.thelander@iovation.co m +1 503-224-6010
Editor's Notes
- #35: 24 online accounts protected by juts 6 passwords