Two factor Authentication

516 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
516
On SlideShare
0
From Embeds
0
Number of Embeds
13
Actions
Shares
0
Downloads
8
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Two factor Authentication

  1. 1. © 2014 SecurEnvoy Revolutionising 2FA to enhance the user experience Andy Kemshall – Co Founder 01/01/14 Company logo
  2. 2. © 2014 SecurEnvoy Ideal Solution To Allow Secure Remote Access with 2FA • Anywhere, Anytime, on Any device • Strong security • Consistent Simple User eXperience • Cost Effective iPad Smart Phone Home PC Business Lounge AAA Secure UX ROI
  3. 3. © 2014 SecurEnvoy 2FA Token Types • Hard Tokens • Certificates • Push • Adaptive Authentication • Real Time SMS • Preload SMS • Soft Tokens Apps • One Swipe
  4. 4. © 2014 SecurEnvoy Hard Token • Hardware Tokens – Require distribution, synchronizing – 30 year old technology – Seed records known to vendors / governments • Smart Cards – Needs a reader and local driver software – Require distribution, certificate management • USB Sticks – Local driver software – Require distribution, certificate management • User must carry the token  AAA Secure UX ROI
  5. 5. © 2014 SecurEnvoy Certificates • Enrolment authentication • Only authenticate on this device • Leaving identity everywhere • What happens when? – Cert Expires every year – CA Expires every 5 years – Device is upgraded or sold X AAA Sec UX ROI
  6. 6. © 2014 SecurEnvoy One Identity is the Solution SMS Pre-Load On-Demand 3 Codes Periodic Phone or Tablet App Laptop X X X • One Soft Token Identity • Self Service “Manage My Token” portal • Change many times @ no additional cost
  7. 7. © 2014 SecurEnvoy Push Technologies • Requires GSM DATA • No unique Passcode • Push sent to all devices • No session locking – Shoulder surfer connects just before? AAA Sec UX ROI
  8. 8. © 2014 SecurEnvoy Adaptive Authentication Bob - Logs in from coffee shop No Passcode Prompt Bob - Logs in from home No Passcode Prompted Bob - Logs in from USA Passcode Prompted Bob - Logs in from airport Passcode Prompt AAA UX ROINOT a consistent user experience 
  9. 9. © 2014 SecurEnvoy The Problem • SMS delivery delays • Expect around 4% of SMS messages to takes longer that 1 minute • SLA’s on delivery DON’T cover sending to the user’s phone • Signal dead spots • buildings with wide outer walls • underground basements • computer rooms • Phone is used to connect to the internet • Some phones can’t receive SMS when a data connection is active “96% of texts are delivered within 10 seconds” source Vodafone Real Time SMS UserID & Pin SMS Sent to Phone AAA Secure UX ROI
  10. 10. © 2014 SecurEnvoy Something You Know Something You Own Andyk P0stcode 956324 Next Required Passcode Sent To Phone (overwrites previous message) Passcode 769310 Pre-Loaded SMS AAA Secure UX ROI
  11. 11. © 2014 SecurEnvoy SMS Gateway Delivery Wrong Approach • Limited SMS Gateways options • Tied to one provider – Be wary of hidden costs – International coverage Correct Approach • Multiple SMS gateway options – Intelligent routing – Redundant failover – Multiple methods – competitive SMS providers brings lower costs Telco SMS Provider
  12. 12. © 2014 SecurEnvoy ****** *********** Soft Token App
  13. 13. © 2014 SecurEnvoy SEED Security XXX XXX
  14. 14. © 2014 SecurEnvoy Seed 1st Part QRCode Scan 8 Digit Code Seed 1st Part Fingerprint of Phone Seed 2nd PartSeed 2nd Part 2nd Seed Part is recreated each time a passcode is crea Seed 2nd PartSeed 2nd PartSeed 2nd Part Random 1st Seed Part Created Locally Seeds are NOT stored by SecurEnvoy AES 256 Bit Encrypted SEED Security
  15. 15. © 2014 SecurEnvoy iPhone 4 iPhone 5 No Additional Cost To upgrade to a new phone Old Seed Deleted From Server New Seed Created Soft Token - Upgrade Phone AAA Secure UX ROI
  16. 16. © 2014 SecurEnvoy What does the user want? This? AQ4£Dhdboie Bu7&6tgy)99 7h15!s57up!d Or this? This?
  17. 17. © 2014 SecurEnvoy One Swipe Via QRCode ****** *********** Scan QRCode From Phone Enter Pin One Time QRCode • No Phone Signal or Data Connection Required • Automatic Time Sync to +/- 13 Hours GMT (any time zone)
  18. 18. © 2014 SecurEnvoy Off-line or behind a firewall One Swipe Don’t need to enter UserID Don’t need to enter passcode Don’t need to re-enter passcode JUST PIN & SWIPE No Signal VPN Login Templates Isolated
  19. 19. © 2014 SecurEnvoy One Swipe Future Road Map ****** *********** Enter Pin AAA Secure UX ROI
  20. 20. © 2014 SecurEnvoy 2FA Token Types, Talk To Us @ Stand H10 • Hard Tokens • Certificates • Push • Adaptive • RealTime SMS • Pre Load SMS • Soft Token • One Swipe AAA Sec UX ROI AAA Sec UX ROI AAA UX ROI AAA Secure UX ROI AAA Secure UX ROI AAA Secure UX ROI AAA Secure UX ROI AAA Secure UX ROI
  21. 21. © 2014 SecurEnvoy See us on Stand H10

×