Electronic authentication more than just a password

Published in: Technology

Transcript

  • 1. Electronic Authentication: More Than Just a Password
      Nicholas Davis, Information Security
      Cardinal Stritch Interview Session, May 20, 2009
  • 2. Session Overview
      • What electronic authentication is and why it is important
      • Definitions
      • Different types of authentication factors (username/password)
      • Benefits and drawbacks of various authentication technologies
      • “Strong Authentication”
      • Question and Answer Session
  • 3. Presentation Style
      • Blue = Topic
      • Black = Informational Details
      • Red = Discussion
      • Audience participation is encouraged. Anytime you see red, you can begin to think about the discussion topic at hand.
  • 4. Authentication Defined
      • Authentication is the process of providing proof to a person or system that you are indeed who you claim to be. Can you think of some examples?
      • Electronic authentication is similar in that it provides a level of assurance as to whether someone or something is who or what it claims to be in a digital environment. Can you think of some examples?
  • 5. Authentication Factors
      • Three types of electronic authentication
      • Something you know – username/password
      • Something you have – One time password device
      • Something you are – Voiceprint or retinal scan
      • Let’s examine these in detail!
  • 6. Username and Password: Something That You Know
      • Sometimes has rules associated with it, such as length, or has an expiration date.
      • Can you think of some other password rules?
      • Why do you think password rules are enforced?
  • 7. Username and Password - Benefits
      • Most widely used electronic authentication mechanism in the world. People understand how to use it.
      • Low fixed cost to implement and virtually no variable cost
      • Fairly good for low assurance applications
      • No physical device required
  • 8. Username and Password - Drawbacks
      • Can be easily shared on purpose
      • Can be easily stolen via shoulder surfing, a keyboard logger or a packet sniffer
      • Can be guessed
      • Can be hard to remember
      • Password code is easy to hack
  • 9. Make Your Passwords Strong
      • Be as long as possible (never shorter than 6 characters).
      • Include mixed-case letters, if possible.
      • Include digits and punctuation marks, if possible.
      • Not be based on any personal information.
      • Not be based on any dictionary word, in any language.
      • Expire on a regular basis and may not be reused
      • May not contain any portion of your name, birthday, address or other publicly available information
  • 10. One Time Password (OTP) Devices: Something That You Have
      • Have an assigned serial number which is tied to my userid
      • Device generates a new password every 30 seconds
      • Server on other end knows what to expect from the device assigned to me, at any point in time
  • 11. One Time Password Device - Benefits
      • Difficult to share
      • Constantly changing password means it can’t be stolen, shoulder surfed or sniffed
      • Coolness factor!
      • Let’s try to circumvent the technology!
      • What would happen if I generated a one time pass code, wrote it down and then tried to use it later?
  • 12. One Time Passwords - Drawbacks
      • Cost!
      • Rank very low on the washability index
      • Uncomfortable
      • Expiration
      • Battery Life
      • Can be forgotten at home
  • 13. Biometrics: Something That You Are
      • Use a unique part of your body to authenticate you, such as your voice pattern, your retina, or your fingerprint
  • 14. Biometrics Benefits
      • Harder to steal than even a One Time Password since it is part of the user, not simply in their possession like an OTP device
      • Absolute uniqueness of authentication factor
      • Coolness factor
  • 15. Biometrics Drawbacks
      • Cost
      • Complexity of Administration
      • Highly invasive
      • Not always reliable – false negatives
      • Not foolproof
      • The Gummi Bear thief!
  • 16. Single Factor vs. Multifactor vs. Dual Factor
      • Single Factor – Using one method to authenticate.
      • Dual Factor – Using two different types of authentication mechanism to authenticate
      • Multifactor – Using multiple forms of the same factor. (Password + identifying an image that only you would know)
      • Some people claim multifactor is just a way around industry regulations. A good test is to ask: could I memorize both of these?
  • 17. Key Concepts
      • Current online password-based authentication techniques are weak at best: most rely on multiple single factors
      • Password credentials are easily stolen from consumers, and rarely change
      • Lack of consistency in authentication processes confuses consumers
  • 18. Summary
      • There are three types of authentication technologies:
          – Something you know
          – Something you have
          – Something you are
      • Password is the weakest
      • Biometrics is the strongest
  • 19. Audience Discussion and Q&A
      • Describe which types of authentication technologies are incorporated into your ATM card
      • How do you feel about the use of biometrics?
      • Name a situation in which you think biometrics should be used for authentication
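
Slides 10 and 11 describe a device that produces a new code every 30 seconds, a server that knows what to expect, and the question of what happens when a written-down code is used later. The sketch below is an added example, not part of the original presentation: it assumes the open TOTP algorithm (RFC 6238, HMAC-SHA1) as a stand-in, since the slides do not name the algorithm the device uses, and the userid, secret and `OtpServer` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for, per slide 10
DIGITS = 6   # assumed code length

def totp(secret: bytes, at_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code a token shows at at_time."""
    counter = struct.pack(">Q", at_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class OtpServer:
    """Knows each user's token secret and which time steps were already used."""

    def __init__(self, drift_steps: int = 1):
        self.secrets = {}          # userid -> secret of the token assigned to them
        self.last_step = {}        # userid -> newest time step already accepted
        self.drift = drift_steps   # tolerated clock skew, in 30-second steps

    def enroll(self, userid: str, secret: bytes) -> None:
        self.secrets[userid] = secret

    def verify(self, userid: str, code: str, now: int) -> bool:
        secret = self.secrets.get(userid)
        if secret is None:
            return False
        current = now // STEP
        first = max(0, current - self.drift)
        for step in range(first, current + self.drift + 1):
            if hmac.compare_digest(totp(secret, step * STEP), code):
                if step <= self.last_step.get(userid, -1):
                    return False       # same code presented again: replay
                self.last_step[userid] = step
                return True
        return False                   # code is outside the accepted window

if __name__ == "__main__":
    key = b"12345678901234567890"      # constructed sample secret (RFC 6238 test key)
    server = OtpServer()
    server.enroll("ndavis", key)       # hypothetical userid
    code = totp(key, 59)
    print("fresh:", server.verify("ndavis", code, 60))
    print("replayed:", server.verify("ndavis", code, 65))
    print("ten minutes later:", server.verify("ndavis", code, 659))
```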
