FIDO and Adaptive Authentication
1 like655 views
The document discusses the role of mobile devices in multi-factor authentication (MFA) and highlights various authentication methods like FIDO and adaptive authentication. It outlines the importance of factors such as geo-location, user history, and device health in assessing authentication risks. Additionally, it lists vendors recognized in the leadership compass for adaptive authentication solutions and evaluates their market positions and innovations.
FIDO and Adaptive Authentication
- 1. FIDO and Adaptive Authentication John Tolbert Lead Analyst KuppingerCole, Inc www.kuppingercole.com
- 2. Mobile Social Risk Adaptive Continuous Stronger Authentication Trends 10/5/2018© KuppingerCole 2
- 3. • SMS OTP (deprecated) • Mobile push notifications • Mobile apps • Global Platform TEE / SE • Secure Enclave for iOS • Mobile biometrics • Device native, such as TouchID, FaceID, Samsung Fingerprint • 3rd party, such as NokNok Labs, Daon, etc. • FIDO UAF and 2.0 Mobile Authentication 10/5/2018© KuppingerCole 3
- 4. Why mobile devices are important for MFA 4 FIDO
- 5. • Facebook, Google, Microsoft, LinkedIn, Twitter, et al • Based on open standards OpenID and OIDC • Can also be used for registration • Famed for Ease-of-use • Incorporates elements of risk adaptive and continuous authentication Social Logins 10/5/2018© KuppingerCole 5
- 6. Geo-location User attributes Geo-velocity User history Geo-fencing: IP addresses / ranges User on new device check Time of day / week Jailbreak or root check Device ID / fingerprint Known compromised credential check Device health assessment Fraud indicator check Known bad IP / network checks Factors that can be evaluated by risk adaptive authentication 10/5/2018© KuppingerCole 6
- 7. Risk adaptive authentication & FIDO 10/5/2018© KuppingerCole 7 FIDO
- 8. Risk Score 0 50 100 T1 T2 T3 T4 T5 T6 Risk variance across time Risk Score Continuous Authentication 10/5/2018© KuppingerCole 8 T1: Initial AuthN T2: No major environmental changes T3: Change of WiFI SSID T4: Location change T5: Normal behavior T6: Return to baseline
- 9. Identify criteria for evaluation and vendors to survey Invite vendors to participate Evaluate vendor responses Interview active customers Objective ratings Prepare report Leadership Compass Methodology 10/5/2018© KuppingerCole 9
- 10. Security Function- ality Usability Integration Interop Leadership Compass Components 10/5/2018© KuppingerCole 10
- 11. Innovation Market Position Financial Ecosystem Leadership Compass Components -- additional 10/5/2018© KuppingerCole 11
- 12. Product Leadership – functionality and completeness of vision Market Leadership – number and geographic distribution of customers, partners, and support ecosystem Innovation Leadership – delivering new and useful features at customer request Overall Leadership The Different Categories of Leadership 10/5/2018© KuppingerCole 12
- 13. • HID Global • IBM • OneSpan • RSA • SecureAuth + Core Security © KuppingerCole 13 • AdNovum • CA Technologies • Entrust Datacard • Ergon Informatik • Evidian • ForgeRock 10/5/2018 Vendors in Leadership Compass Adaptive AuthN (on-prem)
- 14. • Microsoft • Okta • One Identity • OneSpan • Ping Identity • Symantec • ThreatMetrix © KuppingerCole 14 • Centrify • Entrust Datacard • Gemalto • HID Global • ID Data Web • Iovation 10/5/2018 Vendors in Leadership Compass Cloud MFA
- 15. LC Adaptive Authentication Overall Leadership 10/5/2018© KuppingerCole 15
- 16. KuppingerCole Analysts AG Headquarters Wilhelmstraße 20-22 65185 Wiesbaden | Germany Tel +49 (211) 23 70 77 – 0 Fax +49 (211) 23 70 77 – 11 www.kuppingercole.com The Future of Information Security and Privacy – Today. sales@kuppingercole.com 10/5/2018© KuppingerCole