Beyond passwords: time for a change
Presentation Transcript

    • Slide 1: Beyond password: Time for a change. Olivier Potonniée, October 2013
    • Slide 2: How can web applications authenticate their online users?
    • Slide 3: Often…
    • Slide 4: Passwords? RockYou social network, Dec 2009: 30,000,000 passwords, 40% unique. [Chart of password reuse; labels as extracted: 290,729 (1%), 10,000 (0.03%), 1,000, 100; 24%, 12%, 5%]
    • Slide 5: Attacks. Compromised passwords in 2013 (source: BitDefender): LivingSocial: 50 million; Evernote: 50 million; Drupal: 1 million; Twitter: 250,000; … [Chart labels: Email 75%, Social]
    • Slide 6: Strong Authentication. At least 2 of: something you know (password, PIN, etc.); something you have (card, mobile, etc.); something you are (biometrics). Factors independent and protected.
    • Slide 7: Protiva Cloud Confirm
    • Slide 8: [image only]
    • Slide 9: I have an issue with smart cards
    • Slide 10: [image only]
    • Slide 11: Need to define YOUR solution: secure, convenient, cheap
    • Slide 12: Social Login. Identity reuse: simpler for users (no new identifier to remember); Single-Sign-On (SSO); alleviates the application. Privacy risks: traceability; disclosure of personal data.
    • Slide 13: Authentication delegation
    • Slide 14: Delegation protocols: SAML, OAuth
    • Slide 15: A simple URL
    • Slide 16: Authentication. [Diagram: the application asks Alice "Who are you?"; the OpenID Identity Provider is told "Give him a certificate"; Alice's identifier is her email. Diagram credit: Nat Sakimura]
    • Slide 17: Authentication via email. [Diagram: the application asks "Who are you?"; Alice answers "Here's my email, give him a certificate"; the Identity Provider issues it; a Verifier asks "Does this email belong to her?"]
    • Slide 18: SAML Assertions. [Diagram: the application asks Alice "Who are you?"; the SAML Identity Provider is told "Give him a certificate"; Alice's identifier is her email]
    • Slide 19: OAuth: authorization to access personal data
    • Slide 20: OAuth Authorization. [Diagram: the application asks Alice "Who are you?"; the OAuth Server is told "Give him an access key"]
    • Slide 21: Authorization to access identity. [Diagram: the application asks Alice "Who are you?"; the OpenID Connect Server is told "Give him an access key"]
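The "Who are you? / Give him a certificate" exchange sketched on slides 16 to 21, as an added example that is not part of the original deck and not Olivier Potonniée's code: the identity provider signs an assertion that names only Alice's email, and the application accepts it only if the signature checks out, it comes from the trusted provider, it is addressed to this application, it carries the nonce of this login attempt, and it has not expired. The issuer and application URLs, the shared key and the nonce are constructed values, and an HMAC stands in for the public-key signature that SAML and OpenID Connect providers actually use.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret shared by provider and application (assumption): an HMAC stands in
# for the public-key signature real SAML / OpenID Connect providers put on their assertions.
SHARED_KEY = b"constructed-demo-key"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_assertion(issuer, subject_email, audience, nonce, now, key=SHARED_KEY, ttl=300):
    """Identity provider side ("give him a certificate"): sign a statement about Alice
    that discloses only her email, the one attribute the application asked for."""
    claims = {"iss": issuer, "sub": subject_email, "aud": audience,
              "nonce": nonce, "iat": now, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return b64url(body) + "." + b64url(hmac.new(key, body, hashlib.sha256).digest())

def verify_assertion(token, trusted_issuer, my_audience, my_nonce, now, key=SHARED_KEY):
    """Application side: return the asserted email, or None when the assertion is
    forged, from another provider, meant for another application, replayed or expired."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = unb64url(body_b64), unb64url(sig_b64)
        claims = json.loads(body)
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig):
        return None  # tampered, or signed by someone without the provider's key
    if not isinstance(claims, dict) or claims.get("iss") != trusted_issuer:
        return None  # not from the provider this application trusts
    if claims.get("aud") != my_audience:
        return None  # a certificate issued for another site must not log in here
    if claims.get("nonce") != my_nonce:
        return None  # replay of an assertion captured during an earlier login
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        return None  # outside the validity window
    return claims.get("sub")

def demo():
    """One exchange: the application challenges with a fresh nonce, the provider answers."""
    nonce = "constructed-nonce-1"  # in practice secrets.token_urlsafe() per login attempt
    token = issue_assertion("https://idp.example", "alice@example.com",
                            "https://app.example", nonce, now=1000)
    return verify_assertion(token, "https://idp.example", "https://app.example", nonce, now=1100)
```

The audience and nonce checks are what keep a certificate obtained for one site from being presented to another, which is the difference between slide 17's "does this email belong to her?" and simply trusting whatever email the browser sends.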
    • Slide 22: Define YOUR solution. Confidentiality / personal data sharing? Pre-registration of the web application? Dependency on an identity provider? Authentication methods?
    • Slide 23: THE Message. Passwords are bad: strong authentication. Too many identities is inconvenient: reuse identities (emails, social networks…). Authentication is a sensitive and potentially complex task: delegation, SSO. Privacy needs to be protected: don't ask for more data or access rights than needed.
    • Slide 24: Thanks