Authentifusion: Clarifying the Future of User Authentication
WEBINAR
AUTHENTIFUSION: CLARIFYING THE FUTURE OF USER AUTHENTICATION
MARCH 2016
MICHAEL THELANDER Product Marketing Manager, Authentication
Understand Advanced Authentication as a multilayered approach
Understand the critical relationship between Advanced Authentication and Risk
Understand the role of device recognition in a “passwordless” future
Provide a three-step plan to evaluate device-based authentication for your customers
PASSWORDS HAVE BEEN WITH US A LONG TIME: PASSWORDS IN ROMAN GARRISONS
PASSWORDS HAVE BEEN WITH US A LONG TIME: PASSWORDS IN HAMLET
PASSWORDS HAVE BEEN WITH US A LONG TIME: PASSWORDS IN D-DAY, 1944
The credential market is huge
TARGET: 70M
SONY: 10M
EBAY: 145M
ADOBE: 152M
HOME DEPOT: 56M
2014: 675 MILLION RECORDS EXPOSED (IDENTITY THEFT RESOURCE CENTER)
2015 adds to 2014’s record
OPM: 22M
ANTHEM: 80M
Experian/T-Mobile: 15M
PREMERA: 11M
PATREON: Unknown (15GB of passwords)
2015: 169 MILLION MORE RECORDS EXPOSED (IDENTITY THEFT RESOURCE CENTER)
2015 adds to the record exposures from 2014
NOW 1.2 BILLION CREDENTIALS AVAILABLE ON BLACK MARKET FROM ONE SELLER*
*An active FBI investigation as reported by SC Magazine, November 2015
PASSWORDS ARE INCREASINGLY UNRELIABLE
Consumers have an average of 24 online accounts.
Protected by only 6 passwords.
21GRBlue14
21GRGreen14
21BlackGR14
14PurpleGR21
“In an era in which passwords are generally considered inadequate, at best, it’s easy to understand why many
organizations are turning to advanced authentication”
-PwC’s Global State of Information Security 2016
“ADVANCED” ACCORDING TO PwC: USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION
Devices & Hardware: PC fingerprint based on JS; Phones & devices with SDKs; Bluetooth & NFC; Consumer IoT; Contextual data (geo, IP, etc.)
Hundreds of attributes: Operating System; Hash of fonts; IP Address; Flash execution; Browser version; Plugin inventory; Language; Flash 4-part vers.; Screen Resolution
One-Time Passwords: Valid for a session; SMS Text Push; Mobile token; Mobile “in-app”; Proprietary token; Smart cards
Biometric / Behavior: Fingerprint scans; Retinal, facial scans; Voice analysis; Brain/heart signals; Behavior patterns
Knowledge: Secret questions; Captcha; Passwords; Pattern Matching; Local knowledge; Web pictographic
“ADVANCED” ACCORDING TO PwC: USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION
Context / Risk-Aware: User’s goal & request; Data sensitivity; Geo location; IP Address (real and implied); Device reputation; Privileged access; Vector (TOR browsers, anonymizers)
“ADVANCED” ACCORDING TO PwC: USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION
Devices & Hardware: PC fingerprint based on JS; Phones & devices with SDKs; Bluetooth & NFC; Consumer IoT; Contextual data (geo, IP, etc.)
One-Time Passwords: Valid for a session; SMS Text Push; Mobile token; Mobile “in-app”; Proprietary token; Smart cards
Biometric / Behavior: Fingerprint scans; Retinal, facial scans; Voice analysis; Brain/heart signals; Behavior patterns
Knowledge: Secret questions; Captcha; User details; Pattern Matching; Local knowledge; Web pictographic
Risk-Aware: User’s goal & request; Data sensitivity; Geo location; IP Address (real and implied); Device reputation; Privileged access; Language; Patterns of usage
“Consumers will adopt solutions that ease the burden of remembering passwords or carrying tokens.
Authentication must be frictionless and easy to use.”
Suzanne Hall, Managing Director, from PwC’s Global State of Information Security 2016
iovation’s milestones on the road to passwordless
1. IMPROVEMENT: Use device recognition to augment passwords and reduce friction
2. AVOIDANCE: Limit the use of passwords to high-risk transactions and requests only
3. REPLACEMENT: Device-based authentication with context-aware risk assessment becomes the norm
ADVANCED AUTHENTICATION REQUIRES 2 FACTORS: WHY “DEVICE ID” IS THE FOUNDATION OF A PASSWORDLESS FUTURE
Something you KNOW
Something you HAVE
Something you ARE
ADVANCED AUTHENTICATION INCLUDES RISK CONTEXT: WHERE DO WE EXPERIENCE THE GREATEST RISK?
WEBSITE
RISK IN CONTEXT: WITH DIFFERENT AUTHENTICATION METHODS
DEVICE AUTHENTICATION WORKFLOW
CREDENTIAL INPUT
DEVICE ID
GEO LOCATION
DEVICE INTEGRITY
ADDITIONAL DEVICE CONTEXT
ASSOCIATIONS & REPUTATION
USER ACCESS
+10 SCORE: LOW RISK = Frictionless Consumer Experience (SHOPPING, RESOURCES, NEWS)
0 SCORE: MEDIUM RISK = Moderate Friction (USERNAME & PASSWORD)
-10 SCORE: HIGH RISK = Step-Up Authentication (FRAUD TEAM)
DEVICE CHANGE TOLERANCE: WHAT ABOUT NATURAL DAY-TO-DAY CHANGES?
FONTS, BROWSER, LOCATION
EXPECTED
NOT EXPECTED
UPDATED BROWSER
-12 BROWSER REGRESSION
+1 LIMITED TRAVEL
MULTIPLE TIME ZONES IN 1 HOUR
ELASTIC DEVICE MATCHING
MINIMUM THRESHOLD / MAXIMUM THRESHOLD
PRECISE MATCH: Device Type MACBOOK PRO; Operating System OS X Yosemite; IP Address 22.231.113.64; Browser Safari 8.0.2; Language English; Screen Resolution 2880 x 1800
FUZZY MATCH: Device Type MACBOOK PRO; Operating System OS X Yosemite or later; IP Address Similar Location; Browser Safari 8.0.2 or later; Language English; Screen Resolution 2880 x 1800
HISTORICAL REPUTATION
SECURITY RISK INDICATORS
LINKS AND ASSOCIATIONS
ANOMALOUS BEHAVIOR
AUTHORIZED FOR ACCOUNT
A Three-step Plan to evaluate iovation’s Customer Authentication for your sites
1. For brand managers, product owners, or web experience managers, understand where the greatest risk is in your site
2. Understand what benefits would be realized if your customers experienced less friction
3. Assess the impact of a device-based alternative to your current methods of authentication
iovation’s Customer Authentication service wins “Best Multi-factor Authentication Solution” in Cyber Defense Magazine’s 2016 Editor’s Choice Awards
CONTACT US
www.iovation.com
twitter.com/iovation
Michael Thelander, Product Marketing Manager, Authentication
[email protected]
+1 503-224-6010