
2019 | My Phone is My Password | Identiverse | Day 1, June 25


Everyone has a smartphone (in fact, many have more than one). Nobody wants to remember yet another password. Surely the combination of these two means that the smartphone app is the logical solution to securing authentication and delivering a truly passwordless experience for both employees and customers? Unfortunately, it's not always as simple as that. In the ongoing war between convenience and user experience on the one side, and strong security and privacy on the other, we need to ensure that we do not unwittingly create new risks and attack surfaces in our rush to remove passwords.

In this session, we'll explore not only the available technologies and approaches making passwordless authentication possible today, but also discuss the real-world challenges involved in moving to such a model and providing a truly trustworthy and secure authentication factor within a mobile app. We'll then look at a number of approaches and patterns that can address these challenges and discuss specific industry examples.

Published in: Technology


  1. MY PHONE IS MY PASSWORD – AUTHENTICATING IN A DIGITAL-NATIVE AGE – ROB OTTO
  2. The Trouble with Passwords: In which limitations of common password-based authentication schemes are described (at some length) and the benefits of mobile phone based alternatives are explored (again at some length)
  3. WE ARE NOT DOING THIS WELL
  4. WE CAN DO THIS BETTER - Better security than passwords alone - Better usability than hard tokens – BUT CAN WE ELIMINATE PASSWORDS ENTIRELY?
  5. WHY, YES!
  6. The Boy Who Logged In Using (Only) His Phone: In which a number of common and emerging patterns for mobile-phone based login are discussed, dissected and debunked, probably at slightly less length than the speaker would have liked as he will probably already be running out of time.
  7. IDENTIFIER + PUSH
  8. QR CODE SESSION CLAIM
  9. NATIVE APP AUTO LOGIN
  10. FIDO2 WITH CTAP
  11. CLIENT-INITIATED BACKCHANNEL AUTHENTICATION
  12. Do It Right or Don’t Do It At All: In which the speaker introduces a note of doom and gloom to the proceedings by highlighting a number of perils and pitfalls associated with the aforemention’d approaches and delivers several dire warnings to the assembled audience, some using the Comic Sans font
  13. “WITH GREAT POWER COMES GREAT RESPONSIBILITY” – Spider-Man
  14. MY PHONE IS MY PASSWORD – MY PHONE IS MY IDENTITY – MAKE SURE YOU KNOW WHO I AM
  15. MY PHONE IS MY AUTHENTICATOR – DON’T SWAP ONE WEAK FACTOR FOR ANOTHER!
  16. MY PHONE IS MY KEY-STORE – THREATS ARE EVERYWHERE – BE PARANOID!