Presentation is loading. Please wait.

Presentation is loading. Please wait.

Goodbye to Passwords.

Published byCaroline Flynn Modified over 6 years ago

Similar presentations

Presentation on theme: "Goodbye to Passwords."— Presentation transcript:

1 Goodbye to Passwords

2 Identity and Access Management
Security Discipline enabling: Right Individuals access to the Right Resources at the Right Times for the Right Reasons On an enterprise level, IAM addresses need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet rigorous compliance requirements

3 Problems with passwords
Too many, too long Users don’t remember them Users lack faith in passwords Infrastructure to manage passwords Telesign Consumer Account Security Report – June 2015) N = 2,020; US & UK “Only 30% of users are confident that their passwords will protect the security of their online accounts.”(Telesign Consumer Account Security Report – June 2015)

4 Security Risks Weak passwords, lack of policies
Top10 Corporate Environment Passwords Weak passwords, lack of policies Using the same passwords on multiple accounts – Domino Effect Frequency of password changes Password sharing Shoulder surfing Password storage Network World.com –Aug 2014 “You don't need mad hacking skills to crack Password1, Hello123 and password – 86% of hackers surveyed at Black Hat said they weren't worried about being busted at any rate.” (Network World.com – Aug 2014)

5 Authentication Methods
ID & password authentication Biometric authentication devices & system Enterprise single sign-on (SSO) Public Key Infrastructure (PKI) and digital certificate Security Token and smart card 2FA & Multi-factor authentication Knowledge, possession, inherent, location and time. SecSign Technologies – Nov 2014; 2FA: two factor authentication “With the approach used by Google, Apple, and Microsoft, two-step verification combines the first two of these factors—something known only by the user, which is the account password, and something that only the user possesses, such as the smartphone or land line telephone.” (SecSign Technologies – Nov 2014)

6 Biometric Authentication

7 The future Fast Identity Online (FIDO) Alliance FIDO Members
non-profit founded in July 2012 and publicly announced in February 2013 FIDO Members Google, Samsung, Microsoft, Bank of America, Amex, MasterCard, Visa, etc. FIDO Protocol Standards “The FIDO method is more secure than current methods because no password of identifying information is sent out; instead, it is processed by software on the end user's device that calculates cryptographic strings to be sent to a login server.” (TechTarget.com – May 2014)

8 Questions/Comments

9 References:

Download ppt "Goodbye to Passwords."

Similar presentations

Achieving online trust through Mutual Authentication.

Achieving online trust through Mutual Authentication.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.

Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
Development and Implementation of Multifactor Authentication Motonori Nakamura at National Institute of Informatics and Takuya Matsuhira at Kanazawa University,

Development and Implementation of Multifactor Authentication Motonori Nakamura at National Institute of Informatics and Takuya Matsuhira at Kanazawa University,
Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September 2014 1 Oberthur Technologies – Identity.

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.
Peace Out, Passwords Identity and Access Management for the rest of us.

Peace Out, Passwords Identity and Access Management for the rest of us.
Certificate and Key Storage Tokens and Software

Certificate and Key Storage Tokens and Software
Technology Security Risk Management. Technology Security Risks 1. Data Confidentiality risk 2. System Integrity risk 3. System Availability risk 4. Customer.

Technology Security Risk Management. Technology Security Risks 1. Data Confidentiality risk 2. System Integrity risk 3. System Availability risk 4. Customer.
© 2004-2014. Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.

© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Author of Record Digital Identity Management Sub-Workgroup October 24, 2012.

Author of Record Digital Identity Management Sub-Workgroup October 24, 2012.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
Cloud Security Julian Lovelock VP, Product Marketing, HID Global.

Cloud Security Julian Lovelock VP, Product Marketing, HID Global.
Private and Confidential. Levels of Identity Verification Is this person who they claim to be? Knowledge based Authentication Is this a real identity?

Private and Confidential. Levels of Identity Verification Is this person who they claim to be? Knowledge based Authentication Is this a real identity?
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Google Wallet By: Amanda Tazbaz ITMG 10. How it works ● Download application on Android smartphone ● Set up payment information ● Shop in store ● Click.

Google Wallet By: Amanda Tazbaz ITMG 10. How it works ● Download application on Android smartphone ● Set up payment information ● Shop in store ● Click.
Security PS Evaluating Password Alternatives Bruce K. Marshall, CISSP, IAM Senior Security Consultant

Security PS Evaluating Password Alternatives Bruce K. Marshall, CISSP, IAM Senior Security Consultant

Similar presentations

Ads by Google