SlideShare a Scribd company logo

Electronic Authentication, More Than Just a Password

Download as PPT, PDF
Nicholas Davis, profile picture
Nicholas Davis

The document provides an overview of electronic authentication, including its importance, definitions, and various types of authentication factors such as something you know (passwords), something you have (one-time password devices), and something you are (biometrics). It discusses the benefits and drawbacks of these authentication methods, emphasizing that while passwords are widely used, they are the weakest form of authentication, whereas biometrics is considered the strongest. The document also highlights the implementation of dual-factor authentication at UW-Madison to protect sensitive information in their systems.

InternetTechnology
Related topics:
IT Security
1 of 26
Download to read offline
1
2
3
Most read
4
Most read
5
6
7
8
9
10
Most read
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Electronic Authentication More Than Just a Password Nicholas Davis, CISSP, CISA Email: ndavis1@wisc.edu May 15, 2014 Department Information Services Council
Session Overview • What electronic authentication is and why it is important • Definitions • Different types of authentication factors (username/password) • Benefits and drawbacks of various authentication technologies • Strong Authentication • Question and Answer Session
Presentation Style • Blue = Topic • Black = Informational Details • Red = Discussion • Audience participation is encouraged. Anytime you see red, you can begin to think about the discussion topic at hand
Authentication Defined Authentication is the process of providing proof to a person or system that you are indeed who you claim to be. Can you think of some examples? Electronic authentication is similar in that provides a level of assurance as to whether someone or something is who or what it claims to be in a digital environment. Can you think of some examples?
Authentication Factors • Three types of electronic authentication • Something you know – username/password • Something you have – One time password device • Something you are – Voiceprint or retinal scan • Let’s examine these in detail!
Username and Password Something that you know • Sometimes has rules associated with it, such as length, or has an expiration date. • Can you think of some other password rules? • Why do you think password rules are enforced?
Username and Password - Benefits • Most widely used electronic authentication mechanism in the world. People understand how to use it. • Low fixed cost to implement and virtually no variable cost • Fairly good for low assurance applications • No physical device required
Username and Password - Drawbacks • Can be easily shared on purpose • Can be easily stolen via Shoulder Surfing, Keyboard Logger Packet Sniffer • Can be guessed • Can be hard to remember • Password code is easy to hack
Keylogger
Make Your Passwords Strong • Be as long as possible (never shorter than 8 characters, should be at least 10, 12 is better). • Include mixed-case letters, if possible. • Include digits and punctuation marks, if possible. • Not be based on any personal information. • Not be based on any dictionary word, in any language. • Expire on a regular basis and may not be reused • May not contain any portion of your name, birthday, address or other publicly available information • May not be easily guessed • What do you think is the most popular PIN?
One Time Password (OTP) Devices Something That You Have • Have an assigned serial number which is tied to my userid • Device generates a new password every 30 seconds • Server on other end knows what to expect from the device assigned to me, at any point in time
One Time Password Device - Benefits • Difficult to share • Constantly changing password means it can’t be stolen, shoulder surfed or sniffed • Coolness factor! • Let’s try to circumvent the technology! • What would happen if I generated a one time pass code, wrote it down and then tried to use it later?
One Time Passwords - Drawbacks • Cost! • Rank very low on the washability index • Uncomfortable • Expiration • Battery Life • Can be forgotten at home
Biometrics Something That You Are • Use a unique part of your body to authenticate you, such as your voice pattern, your retina, or your fingerprint
Biometrics Benefits • Harder to steal than even a One Time Password since it is part of the user, not simply in their possession like and OTP device • Absolute uniqueness of authentication factor • Coolness factor
Biometrics Drawbacks • Cost • Complexity of Administration • Highly invasive • Not always reliable – false negatives • Not foolproof • Quick story
Single Factor vs. Multifactor vs Dual Factor • Single Factor – Using one method to authenticate. • Dual Factor – Using two different types of authentication mechanism to authenticate • Multifactor – Using multiple forms of the same factor. (Password + identifying an image that only you would know) • Some people claim multi factor is just a way around industry regulations. Good test is to ask, could I memorize both of these?
Key Concepts • Current online password based authentication techniques are weak at best: Most rely on multiple single factors • Password Credentials are easily stolen from consumers, and rarely change • Lack of consistency in authentication processes confuse consumers
Summary • There are three types of authentication technologies: – Something you know – Something you have – Something you are Password is the weakest Biometrics is the strongest
Audience Discussion and Q&A • Describe which types of authentication technologies are incorporated into your ATM card • How do you feel about the use of biometrics? • Name a situation in which you think biometrics should be used for authentication
Dual Factor Authentication At UW-Madison • Many of our systems contain “sensitive” information. For purposes of discussion, “sensitive” = information which we do not want to be accessed by the general public • Three large systems come to mind: • HRS, SFS, and ISIS
Dual Factor Rollout • Internal desire for best practices • Audit findings • HRS, across all UW-System • 2000 users • Now going live on SFS • Other systems may follow • What this means for you
We Use Symantec’s VIP • Hard tokens • Soft tokens • Serial number bound to username
Concerns • Forgot token at home • Drove over token • Accidently dropped token in bathroom • Shared token with my BFF (Best Friend Forever) • Battery died • Support system
Dual Factor Authentication The Most Important Slide
Q&A Session • If you have questions, comments, concerns, suggestions, contact: • Nicholas Davis • Email ndavis1@wisc.edu • http://facebook.com/nicholas.a.davis

More Related Content

PPTX
Two factor authentication presentation mcit
mmubashirkhan
 
PPTX
Two factor authentication.pptx
ArpithaShoby
 
PPTX
Two Factor Authentication
Nikhil Shaw
 
PDF
3 reasons your business can't ignore Two-Factor Authentication
Fortytwo
 
PPT
Biometric encryption
Divya Kottikkal
 
PPT
3D Password Presentation
Sambit Mishra
 
PDF
What is two factor or multi-factor authentication
Jack Forbes
 
PPSX
Brute force attack
Jamil Ali Ahmed
 
Two factor authentication presentation mcit
mmubashirkhan
 
Two factor authentication.pptx
ArpithaShoby
 
Two Factor Authentication
Nikhil Shaw
 
3 reasons your business can't ignore Two-Factor Authentication
Fortytwo
 
Biometric encryption
Divya Kottikkal
 
3D Password Presentation
Sambit Mishra
 
What is two factor or multi-factor authentication
Jack Forbes
 
Brute force attack
Jamil Ali Ahmed
 

What's hot (20)

PPTX
Password cracking and brute force
vishalgohel12195
 
PPTX
Password Policy and Account Lockout Policies
anilinvns
 
PPTX
Basic Security Training for End Users
Community IT Innovators
 
PPTX
Graphical Password Authentication
Abha nandan
 
PDF
Why upgrade your MFA to Adaptive Authentication?
WSO2
 
PDF
User Authentication: Passwords and Beyond
Jim Fenton
 
PPTX
Cybersecurity Awareness Overview.pptx
sanap6
 
PPT
Digital Signature
saurav5884
 
PPTX
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 
PDF
A Guide to Multi Factor Authentication
Jack Forbes
 
PPT
3 d password
blogger at indiandswad
 
PPTX
User authentication
CAS
 
PPTX
Digital signature
Filipp Kolobov
 
PPTX
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
PPT
Information security
LJ PROJECTS
 
PPTX
Multifactor Authentication
Ronnie Isherwood
 
PPTX
2FA Protocol Presentation
Akhil Agrawal
 
PPTX
Digital certificates
Simmi Kamra
 
PDF
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
PPT
End User Security Awareness - Information Security
WorldTrade3
 
Password cracking and brute force
vishalgohel12195
 
Password Policy and Account Lockout Policies
anilinvns
 
Basic Security Training for End Users
Community IT Innovators
 
Graphical Password Authentication
Abha nandan
 
Why upgrade your MFA to Adaptive Authentication?
WSO2
 
User Authentication: Passwords and Beyond
Jim Fenton
 
Cybersecurity Awareness Overview.pptx
sanap6
 
Digital Signature
saurav5884
 
Seminar-Two Factor Authentication
Dilip Kr. Jangir
 
A Guide to Multi Factor Authentication
Jack Forbes
 
3 d password
blogger at indiandswad
 
User authentication
CAS
 
Digital signature
Filipp Kolobov
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
Information security
LJ PROJECTS
 
Multifactor Authentication
Ronnie Isherwood
 
2FA Protocol Presentation
Akhil Agrawal
 
Digital certificates
Simmi Kamra
 
Cybersecurity Awareness Training Presentation v2024.03
DallasHaselhorst
 
End User Security Awareness - Information Security
WorldTrade3
 
Ad

Similar to Electronic Authentication, More Than Just a Password (20)

PPT
Electronic authentication more than just a password
Nicholas Davis
 
PPT
Electronic Authentication More Than Just A Password
Nicholas Davis
 
PPT
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 
PDF
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
PPT
Authentication Technologies
Nicholas Davis
 
PPT
Authentication technologies
Nicholas Davis
 
PDF
Class paper final
Anusha Manchala
 
PDF
Making User Authentication More Usable
Jim Fenton
 
PDF
information security Lecture by cyber security
faiziikanwal47
 
PDF
Two factor authentication
Hai Nguyen
 
PDF
Two factor authentication
Hai Nguyen
 
DOCX
Biometric Authentication Technology - Report
Navin Kumar
 
PDF
UNIT 2 Information Security Sharad Institute
SatishPise4
 
PPTX
3d password
Abinaya Sathya
 
PDF
Nt1330 Week 1 Case Study Of EAP.pdfNt1330 Week 1 Case Study Of EAP
Evelyn Donaldson
 
PDF
Twg 04-04
Hai Nguyen
 
PDF
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
tonkung6
 
PPT
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos De Pedro
 
PPTX
Unit-4-User-Authentication.pptx
Puskar Bhandari
 
PDF
2020-08_The_Evolution_of_Authentication.pdf
FerriantoSuryanto
 
Electronic authentication more than just a password
Nicholas Davis
 
Electronic Authentication More Than Just A Password
Nicholas Davis
 
Authenticationtechnologies 120711134100-phpapp01
Hai Nguyen
 
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
Authentication Technologies
Nicholas Davis
 
Authentication technologies
Nicholas Davis
 
Class paper final
Anusha Manchala
 
Making User Authentication More Usable
Jim Fenton
 
information security Lecture by cyber security
faiziikanwal47
 
Two factor authentication
Hai Nguyen
 
Two factor authentication
Hai Nguyen
 
Biometric Authentication Technology - Report
Navin Kumar
 
UNIT 2 Information Security Sharad Institute
SatishPise4
 
3d password
Abinaya Sathya
 
Nt1330 Week 1 Case Study Of EAP.pdfNt1330 Week 1 Case Study Of EAP
Evelyn Donaldson
 
Twg 04-04
Hai Nguyen
 
AnevaluationofsecurestorageofauthenticationdataIJISR.pdf
tonkung6
 
Marcos de Pedro Neoris authenware_cybersecurity step1
Marcos De Pedro
 
Unit-4-User-Authentication.pptx
Puskar Bhandari
 
2020-08_The_Evolution_of_Authentication.pdf
FerriantoSuryanto
 
Ad

More from Nicholas Davis (20)

PPTX
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Nicholas Davis
 
PPTX
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
PPTX
UW-Madison, Information Systems 371 - Decision Support Systems
Nicholas Davis
 
PPTX
Lecture blockchain
Nicholas Davis
 
PPTX
Software Development Methodologies
Nicholas Davis
 
PPTX
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
 
PPTX
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
PPTX
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Nicholas Davis
 
PPTX
Information Systems 371 -The Internet of Things Overview
Nicholas Davis
 
PPTX
Cyberwar Gets Personal
Nicholas Davis
 
PPTX
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
 
PPT
Bringing the Entire Information Security Semester Together With a Team Project
Nicholas Davis
 
PPT
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
Nicholas Davis
 
PPTX
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Nicholas Davis
 
PPTX
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
 
PPTX
Organizational Phishing Education
Nicholas Davis
 
PPT
Security Operations -- An Overview
Nicholas Davis
 
PPT
Network Design, Common Network Terminology and Security Implications
Nicholas Davis
 
PPT
Survey Presentation About Application Security
Nicholas Davis
 
PPT
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Nicholas Davis
 
Conducting a NIST Cybersecurity Framework (CSF) Assessment
Nicholas Davis
 
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
UW-Madison, Information Systems 371 - Decision Support Systems
Nicholas Davis
 
Lecture blockchain
Nicholas Davis
 
Software Development Methodologies
Nicholas Davis
 
Information systems 365 - Cloud and BYOD Security
Nicholas Davis
 
Information Security Awareness: at Work, at Home, and For Your Kids
Nicholas Davis
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Nicholas Davis
 
Information Systems 371 -The Internet of Things Overview
Nicholas Davis
 
Cyberwar Gets Personal
Nicholas Davis
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
 
Bringing the Entire Information Security Semester Together With a Team Project
Nicholas Davis
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
Nicholas Davis
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Nicholas Davis
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
 
Organizational Phishing Education
Nicholas Davis
 
Security Operations -- An Overview
Nicholas Davis
 
Network Design, Common Network Terminology and Security Implications
Nicholas Davis
 
Survey Presentation About Application Security
Nicholas Davis
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Nicholas Davis
 

Recently uploaded (20)

PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
PPTX
Funds Management Learning Material for Beg
NKKumar16
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
 
Funds Management Learning Material for Beg
NKKumar16
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
artificial intelligence overview of it and more
yafotin445
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 

Electronic Authentication, More Than Just a Password

  • 1. Electronic Authentication More Than Just a Password Nicholas Davis, CISSP, CISA Email: ndavis1@wisc.edu May 15, 2014 Department Information Services Council
  • 2. Session Overview • What electronic authentication is and why it is important • Definitions • Different types of authentication factors (username/password) • Benefits and drawbacks of various authentication technologies • Strong Authentication • Question and Answer Session
  • 3. Presentation Style • Blue = Topic • Black = Informational Details • Red = Discussion • Audience participation is encouraged. Anytime you see red, you can begin to think about the discussion topic at hand
  • 4. Authentication Defined Authentication is the process of providing proof to a person or system that you are indeed who you claim to be. Can you think of some examples? Electronic authentication is similar in that provides a level of assurance as to whether someone or something is who or what it claims to be in a digital environment. Can you think of some examples?
  • 5. Authentication Factors • Three types of electronic authentication • Something you know – username/password • Something you have – One time password device • Something you are – Voiceprint or retinal scan • Let’s examine these in detail!
  • 6. Username and Password Something that you know • Sometimes has rules associated with it, such as length, or has an expiration date. • Can you think of some other password rules? • Why do you think password rules are enforced?
  • 7. Username and Password - Benefits • Most widely used electronic authentication mechanism in the world. People understand how to use it. • Low fixed cost to implement and virtually no variable cost • Fairly good for low assurance applications • No physical device required
  • 8. Username and Password - Drawbacks • Can be easily shared on purpose • Can be easily stolen via Shoulder Surfing, Keyboard Logger Packet Sniffer • Can be guessed • Can be hard to remember • Password code is easy to hack
  • 10. Make Your Passwords Strong • Be as long as possible (never shorter than 8 characters, should be at least 10, 12 is better). • Include mixed-case letters, if possible. • Include digits and punctuation marks, if possible. • Not be based on any personal information. • Not be based on any dictionary word, in any language. • Expire on a regular basis and may not be reused • May not contain any portion of your name, birthday, address or other publicly available information • May not be easily guessed • What do you think is the most popular PIN?
  • 11. One Time Password (OTP) Devices Something That You Have • Have an assigned serial number which is tied to my userid • Device generates a new password every 30 seconds • Server on other end knows what to expect from the device assigned to me, at any point in time
  • 12. One Time Password Device - Benefits • Difficult to share • Constantly changing password means it can’t be stolen, shoulder surfed or sniffed • Coolness factor! • Let’s try to circumvent the technology! • What would happen if I generated a one time pass code, wrote it down and then tried to use it later?
  • 13. One Time Passwords - Drawbacks • Cost! • Rank very low on the washability index • Uncomfortable • Expiration • Battery Life • Can be forgotten at home
  • 14. Biometrics Something That You Are • Use a unique part of your body to authenticate you, such as your voice pattern, your retina, or your fingerprint
  • 15. Biometrics Benefits • Harder to steal than even a One Time Password since it is part of the user, not simply in their possession like and OTP device • Absolute uniqueness of authentication factor • Coolness factor
  • 16. Biometrics Drawbacks • Cost • Complexity of Administration • Highly invasive • Not always reliable – false negatives • Not foolproof • Quick story
  • 17. Single Factor vs. Multifactor vs Dual Factor • Single Factor – Using one method to authenticate. • Dual Factor – Using two different types of authentication mechanism to authenticate • Multifactor – Using multiple forms of the same factor. (Password + identifying an image that only you would know) • Some people claim multi factor is just a way around industry regulations. Good test is to ask, could I memorize both of these?
  • 18. Key Concepts • Current online password based authentication techniques are weak at best: Most rely on multiple single factors • Password Credentials are easily stolen from consumers, and rarely change • Lack of consistency in authentication processes confuse consumers
  • 19. Summary • There are three types of authentication technologies: – Something you know – Something you have – Something you are Password is the weakest Biometrics is the strongest
  • 20. Audience Discussion and Q&A • Describe which types of authentication technologies are incorporated into your ATM card • How do you feel about the use of biometrics? • Name a situation in which you think biometrics should be used for authentication
  • 21. Dual Factor Authentication At UW-Madison • Many of our systems contain “sensitive” information. For purposes of discussion, “sensitive” = information which we do not want to be accessed by the general public • Three large systems come to mind: • HRS, SFS, and ISIS
  • 22. Dual Factor Rollout • Internal desire for best practices • Audit findings • HRS, across all UW-System • 2000 users • Now going live on SFS • Other systems may follow • What this means for you
  • 23. We Use Symantec’s VIP • Hard tokens • Soft tokens • Serial number bound to username
  • 24. Concerns • Forgot token at home • Drove over token • Accidently dropped token in bathroom • Shared token with my BFF (Best Friend Forever) • Battery died • Support system
  • 25. Dual Factor Authentication The Most Important Slide
  • 26. Q&A Session • If you have questions, comments, concerns, suggestions, contact: • Nicholas Davis • Email ndavis1@wisc.edu • http://facebook.com/nicholas.a.davis