Beyond passwords: time for a change

  1. Beyond password: Time for a change. Olivier Potonniée, October 2013
  2. How can web applications authenticate their online users?
  3. Often…
  4. Passwords? RockYou social network, Dec 2009: 30,000,000 passwords, 40% unique. 290,729 (1%); 10,000 (0.03%): 24%; 1,000: 12%; 100: 5%
  5. Attacks. Compromised passwords in 2013: LivingSocial: 50 million; Evernote: 50 million; Drupal: 1 million; Twitter: 250,000 … (chart labels: Email 75%, Social) (BitDefender)
  6. Strong Authentication: at least 2 of: something you know (password, PIN, etc.), something you have (card, mobile, etc.), something you are (biometrics). Independent, protected.
  7. Protiva Cloud Confirm
  8. (slide has no text)
  9. I have an issue with smart cards
  10. (slide has no text)
  11. Need to define YOUR solution: Secure, Convenient, Cheap
  12. Social Login. Identity reuse: simpler for users (no new identifier to remember); Single Sign-On (SSO); offloads work from the application. Privacy risks: traceability, disclosure of personal data.
  13. Authentication delegation
  14. Delegation protocols: SAML, OAuth
  15. A simple URL
  16. Authentication (OpenID Identity Provider): "Who are you?"; "Give him a certificate"; Alice's email. (diagram credit: Nat Sakimura)
  17. Authentication via email: "Who are you?"; "Here's my email, give him a certificate"; the Verifier asks the Identity Provider: "Does this email belong to her?"
  18. SAML Assertions (SAML Identity Provider): "Who are you?"; "Give him a certificate"; Alice's email.
  19. OAuth: authorization to access personal data
  20. OAuth Authorization (OAuth Server, Alice): "Who are you?"; "Give him an access key"
  21. Authorization to access identity (OpenID Connect Server, Alice): "Who are you?"; "Give him an access key"
  22. Define YOUR solution: Confidentiality / personal data sharing? Pre-registration of the web application? Dependency on an identity provider? Authentication methods?
  23. THE message. Passwords are bad: strong authentication. Too many identities is inconvenient: reuse identities (emails, social networks…). Authentication is a sensitive and potentially complex task: delegation, SSO. Privacy needs to be protected: don't ask for more data or access rights than needed.
  24. Thanks
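The delegation exchange on slides 16 to 21 (the application asks "who are you?", the identity provider answers with a signed assertion or access key, and the application verifies what it received), as an added Python example that is not part of the original deck. It stands in for a SAML assertion or an OpenID Connect ID token with a constructed JSON payload signed by HMAC-SHA256 under a hypothetical key shared by both parties; real identity providers sign with asymmetric keys, but the checks the relying party must perform (signature, issuer, audience, expiry, one-time nonce) are the same. The names `IdentityProvider`, `RelyingParty`, `shop-app`, the issuer URL and the user record are all constructed. It also shows slide 23's point: the application receives only the claims it asked for.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo secret shared by IdP and relying party. Real deployments use the
# IdP's asymmetric signing key (RSA/ECDSA for JWT ID tokens, XML-DSig for SAML).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
ASSERTION_LIFETIME = 300  # seconds; assertions should be short-lived


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload_b64: str) -> str:
    return _b64(hmac.new(SHARED_KEY, payload_b64.encode(), hashlib.sha256).digest())


class IdentityProvider:
    """The party that actually authenticates Alice. Her credentials never leave it."""

    def __init__(self, issuer: str, users: dict):
        self.issuer = issuer
        self.users = users  # email -> {"pw_hash": ..., "attrs": {...}} (constructed)

    def authenticate(self, email, password, audience, nonce, requested, now):
        """'Who are you?' -> a signed assertion for this application, or None."""
        record = self.users.get(email)
        if record is None:
            return None
        given = hashlib.sha256(password.encode()).hexdigest()  # toy hash; use a real KDF
        if not hmac.compare_digest(record["pw_hash"], given):
            return None
        # Data minimisation: release only the attributes the application asked for.
        claims = {k: v for k, v in record["attrs"].items() if k in requested}
        claims.update({
            "iss": self.issuer,   # who vouches for the user
            "sub": email,         # who the user is
            "aud": audience,      # which application the assertion is for
            "nonce": nonce,       # ties the assertion to one login attempt
            "iat": now,
            "exp": now + ASSERTION_LIFETIME,
        })
        payload = _b64(json.dumps(claims, sort_keys=True).encode())
        return f"{payload}.{_sign(payload)}"


class RelyingParty:
    """The web application: it delegates authentication and only verifies the result."""

    def __init__(self, client_id: str, trusted_issuer: str):
        self.client_id = client_id
        self.trusted_issuer = trusted_issuer
        self.pending = set()  # nonces of login attempts we started and have not consumed

    def start_login(self) -> str:
        nonce = secrets.token_urlsafe(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, assertion: str, now):
        """Return (claims, 'ok') or (None, reason). The IdP cannot do these checks for us."""
        parts = assertion.split(".")
        if len(parts) != 2:
            return None, "malformed"
        payload_b64, sig = parts
        if not hmac.compare_digest(_sign(payload_b64).encode(), sig.encode()):
            return None, "bad signature"        # forged or tampered
        claims = json.loads(_unb64(payload_b64))
        if claims.get("iss") != self.trusted_issuer:
            return None, "untrusted issuer"
        if claims.get("aud") != self.client_id:
            return None, "wrong audience"       # issued for some other application
        if now >= claims.get("exp", 0):
            return None, "expired"
        nonce = claims.get("nonce")
        if nonce not in self.pending:
            return None, "unknown nonce"        # replayed, or a login we never started
        self.pending.discard(nonce)             # one assertion, one login
        return claims, "ok"


def demo(now=1_380_000_000):
    """Run the exchange once, then show which checks reject bad assertions."""
    idp = IdentityProvider("https://idp.example", {  # constructed user record
        "alice@example.com": {
            "pw_hash": hashlib.sha256(b"correct horse").hexdigest(),
            "attrs": {"email": "alice@example.com", "name": "Alice", "birthdate": "1980-01-01"},
        }
    })
    app = RelyingParty("shop-app", "https://idp.example")
    login = lambda pw, aud, at: idp.authenticate("alice@example.com", pw, aud, app.start_login(), {"email"}, at)
    r = {}
    token = login("correct horse", "shop-app", now)
    claims, r["login"] = app.verify(token, now)
    r["disclosed"] = sorted(k for k in claims if k not in ("iss", "sub", "aud", "nonce", "iat", "exp"))
    r["replay"] = app.verify(token, now)[1]                         # same assertion twice
    payload, sig = token.split(".")
    forged = _b64(json.dumps({**json.loads(_unb64(payload)), "sub": "bob@example.com"}).encode())
    r["tampered"] = app.verify(f"{forged}.{sig}", now)[1]          # edited subject, old signature
    r["wrong_aud"] = app.verify(login("correct horse", "other-app", now), now)[1]
    r["bad_password"] = login("wrong", "shop-app", now)             # IdP issues nothing
    r["expired"] = app.verify(login("correct horse", "shop-app", now - 1000), now)[1]
    return r


if __name__ == "__main__":
    print(demo())
```

The relying party holds no password at all; what it must hold is the list of nonces it handed out, because the nonce is what ties an assertion to a login the application itself started. Dropping the audience or nonce check is what lets an assertion minted for one site be presented to another, or presented twice.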