Keynote Session : Kill The Password
SACON 2016
Kill The Password: new era of authentication
2012: “…the age of password has come to an end… we must find something new…”
How many of you keep the same password for all your accounts ?
55% of net users use the same password for most, if not all, websites. When will they learn?
Breached account counts shown on the slide:
• 427 million accounts
• 117 million accounts
• 38 million accounts
• 500 million accounts
• 600 thousand accounts
• 4 million accounts
• 1 million accounts
• 70 million accounts
Password-based attacks
• Dictionary
• Brute-force
• MiTM
How strong is your password?
How many of you visit the "forgot password" page regularly?
Password Patterns – Connect the dots…
Source - https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marte-L0ge-I-will-Tell-you-your-Lock-Pattern-UPDATED.pdf
Common habits
Source - http://www.androidauthority.com/lock-pattern-predictable-636267/
• Average pattern score is 13.6
• 44% of people usually start their patterns from the top-left corner dot.
• 77% of users started their patterns in one of the corners.
• Most users used only 5 nodes, and a significant number used only 4.
• Over 10% of lock patterns were made in the shape of a letter (often representing the first initial of the person, or of a loved one).
Humans are LAZY and PREDICTABLE!
“Hello. It’s me!”
http://www.slideshare.net/iovationpdx/authentithings-the-pitfalls-and-promises-of-authentication-in-the-iot
Biometrics are ready now! (…for authentication, not identification)
• Alibaba: Face
• VoicePin: Voice
• Apple: Fingerprint
• Mastercard: Face
• Google: Fingerprint
What’s common
• A record of a person's unique characteristic is captured and kept in a database.
• Later on, a new record is captured and compared with the previous record in the database.
Three stages of usage
• Identification
• Authentication
• Authorization
Two-part process
• Enrollment
• Enforcement
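As an added illustration (not part of the slides), the enrollment/enforcement split and the earlier "authentication, not identification" point in Python. The templates are constructed 64-bit toy vectors compared by Hamming distance, which stands in for a real matcher; the acceptance threshold and the per-comparison false match rate are assumed values chosen to make the arithmetic visible.

```python
from dataclasses import dataclass, field

TEMPLATE_BITS = 64        # toy template size (assumption)
MATCH_THRESHOLD = 0.20    # max fraction of differing bits still accepted (assumption)


def hamming_fraction(a: int, b: int) -> float:
    """Fraction of template bits on which two toy templates differ."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


@dataclass
class BiometricStore:
    """Enrollment stores a reference template; enforcement compares a fresh sample."""
    templates: dict = field(default_factory=dict)

    def enroll(self, user: str, template: int) -> None:
        self.templates[user] = template

    def verify(self, user: str, sample: int) -> bool:
        """1:1 authentication: the user claims an identity, one comparison is made."""
        stored = self.templates.get(user)
        if stored is None:
            return False
        return hamming_fraction(stored, sample) <= MATCH_THRESHOLD

    def identify(self, sample: int) -> list:
        """1:N identification: no claimed identity, every stored template is compared."""
        return [u for u, t in self.templates.items()
                if hamming_fraction(t, sample) <= MATCH_THRESHOLD]


def identification_false_match_rate(per_comparison_fmr: float, population: int) -> float:
    """Probability that a 1:N search over `population` templates yields at least one
    false match, given the matcher's per-comparison false match rate."""
    return 1.0 - (1.0 - per_comparison_fmr) ** population


# Constructed templates: bit patterns chosen so the distances are easy to check by hand.
ALICE_TEMPLATE = 0xF0F0F0F0F0F0F0F0
BOB_TEMPLATE = 0x0F0F0F0F0F0F0F0F
ALICE_SAMPLE = ALICE_TEMPLATE ^ 0xFF   # Alice's fresh scan: 8 of 64 bits read differently


def demo() -> dict:
    store = BiometricStore()
    store.enroll("alice", ALICE_TEMPLATE)
    store.enroll("bob", BOB_TEMPLATE)
    return {
        "verify_alice": store.verify("alice", ALICE_SAMPLE),   # 8/64 = 0.125 <= 0.20 -> accept
        "verify_as_bob": store.verify("bob", ALICE_SAMPLE),    # 56/64 differ -> reject
        "identify": store.identify(ALICE_SAMPLE),              # only alice matches
        "fmr_population_1": identification_false_match_rate(1e-4, 1),
        "fmr_population_10000": identification_false_match_rate(1e-4, 10_000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two values are the point of the slide: the same matcher that falsely accepts one comparison in ten thousand gives a roughly 63% chance of some false match when a sample is searched against ten thousand enrolled templates with no claimed identity, which is why the talk pairs biometrics with authentication (1:1) rather than identification (1:N).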
Risk signals combined with biometrics:
• IP address
• Jailbroken or rooted device
• Geolocation
• Associations
• Security risk
http://www.slideshare.net/iovationpdx/authentithings-the-pitfalls-and-promises-of-authentication-in-the-iot
The problems behind biometrics today
Security or convenience?
• Privacy
• Accessibility
• Usability
Fragmentation: too many authentication mechanisms to use, and no one is prevailing.
Future?
Prediction for the next 5-10 years
• Improvements in recognition algorithms
• New biometric factors (iris, veins)
• Face, voice and fingerprint will become dominant (iris?)
• Rise of biometric-enabled IoT
• No major changes in the biometric panorama (from a business perspective)
Efforts at minimum, security at maximum
Secure Open Standard Simple
Due diligence
• Users
• Enterprises
• Developers
Users
• Make your password hard to guess
• Go as long and complex as you can
• Consider using a password manager
• One account, one password
Source: SOPHOS YouTube video – how to pick a proper password
Enterprises
• Provide unique focus on authentication testing
• Strong password validation
• Role-based access validation
• Assess password recovery etc.
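An added example (not from the slides or any named vendor) of what the "strong password validation" item for enterprises and the "hard to guess, long, one account one password" advice for users look like on the server side in Python. The minimum length, the PBKDF2 work factor and the tiny common-password list are assumptions; a real deployment would load a full breached-password corpus in place of the handful of constructed entries.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12              # assumed policy minimum; the slides do not fix a number
PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

# Constructed stand-in for a breach/common-password corpus.
COMMON_PASSWORDS = frozenset({
    "password", "123456", "qwerty", "letmein", "welcome", "iloveyou", "admin",
})

# Keyboard and numeric runs that "complex-looking" passwords are often built from.
SEQUENCE_RE = re.compile(r"(0123|1234|2345|3456|4567|5678|6789|abcd|qwer|asdf)")
REPEAT_RE = re.compile(r"(.)\1{3,}")   # the same character four or more times in a row


def check_password(password: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    # Strip digits and symbols so "Password123!" is recognised as "password" plus padding.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only != lowered and letters_only in COMMON_PASSWORDS:
        problems.append("is a common password padded with digits or symbols")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if REPEAT_RE.search(password):
        problems.append("contains a run of four or more repeated characters")
    if SEQUENCE_RE.search(lowered):
        problems.append("contains a keyboard or numeric sequence")
    return problems


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Derive a salted, deliberately slow hash for storage; the password itself is never stored."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash for a login attempt and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Password123!", "alice2016!!", "correct horse battery staple"):
        print(repr(candidate), "->", check_password(candidate, username="alice") or "ok")
    salt, digest = hash_password("correct horse battery staple")
    print("login with right password:", verify_password("correct horse battery staple", salt, digest))
    print("login with wrong password:", verify_password("Password123!", salt, digest))
```

The validator deliberately reports every violation rather than stopping at the first, so the sign-up form can tell the user what to change; the hashing half is what makes a leaked credential table (the million-account counts earlier in the talk) expensive to turn back into passwords.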
Developers
• Least-privilege-based integration
• More in-depth analysis before integration to identify the right library/frameworks etc.
• Extensive customization to remove unwanted features/APIs
References
• http://searchsecurity.techtarget.com/definition/biometric-verification
• https://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
• https://nakedsecurity.sophos.com/2013/04/23/users-same-password-most-websites/
• https://www.skyhighnetworks.com/cloud-security-blog/you-wont-believe-the-20-most-popular-cloud-service-passwords/