Multi-Factor Authentication - ZendCon 2017

The password is currently the most commonly used way to identify a user. It does not, however, provide the level of security required to protect sensitive information.
Adding a further identification factor solves this problem. But which factors exist, and where and when should you use them? In this session we'll cover the concepts of strong authentication and introduce alternative free or low-cost second-factor identification methods.

  1. MULTI-FACTOR AUTHENTICATION AND STRONG AUTHENTICATION
  2. ABOUT ME: PHILIPPE GAMACHE. Hi, I'm Philippe. I'm a Developer Evangelist for kuzzle.io: long-time internet developer, author, screencaster, podcaster and speaker. I specialize in PHP, Symfony, Kuzzle, security, code quality, performance, real time and geolocation. • Sécurité PHP 5 et MySQL 5 • OWASP Montreal • PHP Quebec • Table Top Game Developer • Pen & Paper RPG Writer
  3. I'M MISLEADING YOU: THIS IS NOT THE EIFFEL TOWER
  4. WHERE IN LAS VEGAS: EIFFEL TOWER RESTAURANT
  5. AGENDA • Authentication vs Authorization • Authentication's Problems • The Solutions • Strong Authentication • Solutions for All Budgets
  6. AUTHENTICATION VS AUTHORIZATION • Authentication: the procedure that verifies the identity of an entity (person, computer, ...) in order to allow access to resources (systems, networks, applications, ...) • Authorization: the procedure that grants access to resources only to those authorized to use them
  7. AUTHENTICATION'S PROBLEMS: A SIMPLE LIST • Accurately identify the entity • Accurately identify the entity type • Accessibility • Broken passwords
  8. BROKEN PASSWORD: THE HUMAN FACTOR • People use easy-to-find passwords • People easily give their passwords to strangers: without any reason, 45% of women¹ and 10% of men¹; for a chocolate bar, 64% of people¹ • 21% have a password that is 10+ years old² • 47% have a password that is 5+ years old² • 73% use duplicate passwords² • 54% have used 5 or fewer passwords across their entire life² • On average, only 6 unique passwords are used to guard 24 online accounts² (¹ Infosec Europe Conference 2008; ² TeleSign Customer Account Security Report 2015)
  9. "In the middle of talking to him, he gives me his online banking username and password." – Chris Nickerson, Exotic Liability #37
  11. THE SOLUTION: USE SECURITY QUESTIONS?
  13. THE SOLUTIONS: SIGN THE FORM
      ```php
      <?php
      // Sign the verifier nonce, user id and expiry so that tampering with the form is detected.
      // \T keeps a literal "T" in the date; an unescaped T would be the timezone abbreviation.
      $code = hash_hmac(
          'sha256',
          json_encode([$verifierNonce, $userID, $expiration->format('Y-m-d\TH:i:s')]),
          $tokenSigningKey
      );
      ```
  14. THE SOLUTIONS: CAPTCHA (http://www.captcha.net/)
  15. CAPTCHA: IMAGES
  16. CAPTCHA: HOT OR NOT
  17. GOOGLE RECAPTCHA (https://www.google.com/recaptcha/)
  19. FAITHFULLY IDENTIFY THE ENTITY AND SHOVE THE SECURITY PROBLEM AWAY
  20. STRONG AUTHENTICATION: MULTI-FACTOR AUTHENTICATION • A method of computer access control • The user is granted access only after successfully presenting several separate pieces of evidence
  21. MULTI-FACTOR AUTHENTICATION: MEMORIAL FACTOR (diagram: Memorial factor)
  27. MULTI-FACTOR AUTHENTICATION: PHYSICAL FACTOR (diagram: Memorial factor, Physical factor)
  36. MULTI-FACTOR AUTHENTICATION: REACTIONAL FACTOR (diagram: Memorial factor, Physical factor, Reactional factor)
  38. MULTI-FACTOR AUTHENTICATION: MATERIAL FACTOR (diagram: Memorial factor, Physical factor, Reactional factor, Material factor)
  50. MULTI-FACTOR AUTHENTICATION: TWO-FACTOR AUTHENTICATION (diagram: Memorial factor, Physical factor, Reactional factor, Material factor)
  51. TWO-FACTOR AUTHENTICATION: EXAMPLES? (diagram: Memorial factor, Physical factor, Reactional factor, Material factor)
  52. SOLUTIONS FOR ALL BUDGETS: PERFECT PAPER PASSWORDS
  53. PERFECT PAPER PASSWORDS (https://www.grc.com/ppp.htm)
  56. SOLUTIONS FOR ALL BUDGETS: YUBIKEY
  57. YUBIKEY (http://www.yubico.com/products/yubikey/)
  58. YUBIKEY (http://www.yubico.com/products/yubikey/): sample OTPs
      tgbvgflvvndijcfhftgnnldhgviktivhdvnekehejceh
      tgbvgflvvndiknblilkrtbdvflbdhvdvutlblkfuueel
      cccccccclildcuhrrhneenjbrrbbnikcvhvbgbcbnvhn
      cccccccclildibndgdgihuvdcggthnjrbcujdkujnblv
  59. SOLUTIONS FOR ALL BUDGETS: OATH OPEN AUTHENTICATION (https://openauthentication.org)
  62. STRONG AUTHENTICATION DOESN'T PROTECT YOU AGAINST... • Man-in-the-middle attacks • Session or cookie theft • Data theft if the site is not protected • Advanced phishing
  63. ANY QUESTIONS? THANK YOU! If you want to talk more, feel free to contact me: http://kuzzle.io, hello@kuzzle.io, @kuzzleio, philippegamache, joind.in/talk/b21f7. This presentation was created using Keynote. The text is set in Oswald and Ubuntu. The source code is set in Ubuntu Mono. The iconography is provided by Keynote, kuzzle.io and Font Awesome. Unless otherwise noted, all photographs are used by permission under a Creative Commons license. Please refer to the Photo Credits slide for more information. Copyright: this work is licensed under Creative Commons Attribution-ShareAlike 4.0 International. For uses not covered under this license, please contact the author.
  64. PHOTO CREDITS • Pages 3 to 5: By Simeon87 (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons • Page 11: http://failblog.cheezburger.com/
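Worked example for the signed-form slide (slide 13). This is added code, not the presentation's: it issues a token with the slide's HMAC-SHA256 construction and then verifies it server-side; the function names, the token layout and the placeholder key are assumptions.

```php
<?php
// Added example (not from the slides): issue a form token with the same HMAC-SHA256
// construction as slide 13, then verify it with expiry and constant-time comparison.
// Function names and the "base64(payload).hex(mac)" token layout are my own choices.

function signFormToken(string $nonce, string $userID, DateTimeImmutable $expiration, string $key): string
{
    // \T keeps a literal T; an unescaped T in a PHP date format is the timezone abbreviation
    $payload = json_encode([$nonce, $userID, $expiration->format('Y-m-d\TH:i:s')]);
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, $key);
}

function verifyFormToken(string $token, string $expectedUserID, string $key, DateTimeImmutable $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$encoded, $mac] = $parts;
    $payload = base64_decode($encoded, true);
    // Check the MAC before trusting any field; hash_equals avoids a timing side channel
    if ($payload === false || !hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return false;
    }
    $fields = json_decode($payload, true);
    if (!is_array($fields) || count($fields) !== 3 || !is_string($fields[2])) {
        return false;
    }
    // Bind the token to the user it was issued for and reject it after expiry (all times UTC)
    $expiration = DateTimeImmutable::createFromFormat('Y-m-d\TH:i:s', $fields[2], new DateTimeZone('UTC'));
    return $fields[1] === $expectedUserID && $expiration !== false && $expiration > $now;
}

// Constructed demo: a 10-minute token for user-42 checked as valid, tampered, wrong user, expired
$key = bin2hex(random_bytes(32));   // placeholder: a real deployment loads the signing key from config
$now = new DateTimeImmutable('now', new DateTimeZone('UTC'));
$token = signFormToken(bin2hex(random_bytes(16)), 'user-42', $now->modify('+10 minutes'), $key);
var_dump(verifyFormToken($token, 'user-42', $key, $now));
var_dump(verifyFormToken($token . 'x', 'user-42', $key, $now));
var_dump(verifyFormToken($token, 'user-7', $key, $now));
var_dump(verifyFormToken($token, 'user-42', $key, $now->modify('+1 hour')));
```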

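Added example for the YubiKey slides (slides 56 to 58), not from the presentation or from Yubico: a parser for the OTP format shown on slide 58 that separates the public identity from the encrypted block and checks that the identity is the one enrolled for the account; the function names are assumptions.

```php
<?php
// Added example (not from the slides or from Yubico): split a YubiKey OTP such as the four
// on slide 58 into its public identity and encrypted part, and decode the modhex encoding.
// Only the public ID is readable by a relying party; the last 32 modhex characters are an
// AES-encrypted block that only a validation server holding the key can check, so this
// code deliberately stops at parsing and at binding the public ID to the enrolled account.

const MODHEX_ALPHABET = 'cbdefghijklnrtuv';   // modhex digit i is written as character i

function modhexToHex(string $modhex): ?string
{
    $hex = '';
    foreach (str_split($modhex) as $c) {
        $i = strpos(MODHEX_ALPHABET, $c);
        if ($i === false) {
            return null;                       // not a modhex character: malformed OTP
        }
        $hex .= dechex($i);
    }
    return $hex;
}

/** Returns ['publicId' => modhex string, 'cipherHex' => hex string] or null when malformed. */
function parseYubiKeyOtp(string $otp): ?array
{
    $otp = strtolower(trim($otp));
    $len = strlen($otp);
    // The encrypted block is always 32 modhex chars (16 AES bytes); the public ID is
    // whatever precedes it, 12 chars by default and at most 16
    if ($len < 32 || $len > 48 || modhexToHex($otp) === null) {
        return null;
    }
    return ['publicId' => substr($otp, 0, $len - 32), 'cipherHex' => modhexToHex(substr($otp, -32))];
}

// Constructed check: before the OTP is forwarded to a validation server, confirm that its
// public ID is the key enrolled for the account being authenticated; otherwise a genuine
// OTP from a different key would pass as this user's second factor.
$enrolledPublicId = 'cccccccclild';   // public ID of the third and fourth sample OTPs on slide 58
$own = parseYubiKeyOtp('cccccccclildcuhrrhneenjbrrbbnikcvhvbgbcbnvhn');
var_dump($own !== null && $own['publicId'] === $enrolledPublicId);
$other = parseYubiKeyOtp('tgbvgflvvndijcfhftgnnldhgviktivhdvnekehejceh');
var_dump($other !== null && $other['publicId'] === $enrolledPublicId);
```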
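Added example for the OATH slides (slides 59 to 61), not from the presentation or from the OATH project: HOTP and TOTP as specified in RFC 4226 and RFC 6238, with a verifier that resists replay; the function names are assumptions, while the 30-second step and 6 digits are the RFC defaults.

```php
<?php
// Added example (not from the slides or from OATH): HOTP (RFC 4226) and TOTP (RFC 6238),
// the algorithms OATH standardizes, plus a verifier that tolerates one step of clock
// drift and will not accept the same code twice. Function names are my own.

function hotp(string $secret, int $counter, int $digits = 6): string
{
    // HMAC-SHA1 over the 8-byte big-endian counter, then RFC 4226 dynamic truncation
    $hash = hash_hmac('sha1', pack('J', $counter), $secret, true);
    $offset = ord($hash[19]) & 0x0f;
    $binary = ((ord($hash[$offset]) & 0x7f) << 24)
            | (ord($hash[$offset + 1]) << 16)
            | (ord($hash[$offset + 2]) << 8)
            | ord($hash[$offset + 3]);
    return str_pad((string) ($binary % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

/**
 * TOTP check. $lastCounter is the 30-second step of the last code accepted for this
 * user (kept server-side); on success it is advanced so that code cannot be replayed.
 */
function verifyTotp(string $secret, string $code, int $now, int &$lastCounter, int $window = 1): bool
{
    $current = intdiv($now, 30);
    for ($c = $current - $window; $c <= $current + $window; $c++) {
        if ($c <= $lastCounter) {
            continue;                                  // this step was already consumed
        }
        if (hash_equals(hotp($secret, $c), $code)) {   // constant-time comparison
            $lastCounter = $c;
            return true;
        }
    }
    return false;
}

// Self-check against the RFC 4226 Appendix D vectors for the ASCII secret "12345678901234567890"
$secret = '12345678901234567890';
if (hotp($secret, 0) !== '755224' || hotp($secret, 1) !== '287082') {
    throw new RuntimeException('HOTP does not match the RFC 4226 test vectors');
}

// Constructed demo: the code for the current step is accepted once, then refused as a replay
$lastCounter = -1;
$now = time();
$code = hotp($secret, intdiv($now, 30));
var_dump(verifyTotp($secret, $code, $now, $lastCounter));
var_dump(verifyTotp($secret, $code, $now, $lastCounter));
```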