Today passwords aren't enough to keep your information safe. According to Lawless Research, 68% consumers say they want companies to provide extra security, such as 2FA, to protect personal information. Most online services have been quick to step up their authentication, but what about businesses? How do they stay safe and make sure only the right users access the right systems and data?
Xura and SMS Passcode have been helping companies secure their data for over ten years. View slides from our co-hosted webinar, where we explored the latest developments in authentication across multiple platforms, and provided advice on best practices and tips on how to choose a solution right for you.
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
Passwords today passcodes tomorrow: Webinar December 2nd, 2015
1. |
Passwords today, PASSCODES tomorrow
Webinar December 2nd, 2015
Markus Behr, Director Professional Services at Xura
Lars Gotlieb, Regional Manager DACH at SMS Passcode
02.12.2015
PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.151
2. ||
Why single factor authentication struggles after >30 years of usage
Passwords today
2 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
The easy principle of single factor authentication:
a password is something only you know
The problem with single factor authentication:
a password is no longer something only you know
3. ||
Our passwords are too easy
Passwords today
3 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Longest time to break your account
using one of the most common passwords:
4. ||
Our passwords are too short
Passwords today
4 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Modern CPUs/GPUs of standard computers
can try > 1 billion passwords per second
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with a numeric password 6 digits long 524017
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with an alphanumeric/special chars password 8 characters long §Zg71kö5
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with an alphanumeric password 10 characters long Tn5%w-9Uo2
Are you updating your secure password every 2 weeks?
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with an alphanumeric password 7 characters long 8Dhr2Pz
http://content.time.com/time/interactive/0,31813,2048601,00.html
5. ||
Our passwords are not securely stored
Passwords today
5 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
http://www.inquisitr.com/2385536/225k-iphones-hacked-passwords-stolen-by-malware/
http://www.wired.co.uk/news/archive/2015-11/25/mr-grey-hacker-controls-12-billion-stolen-logins
http://thehackernews.com/2015/09/ashley-madison-password-cracked.html
http://thehackernews.com/2015/10/free-web-hosting-hacking.html
http://www.cio-today.com/article/index.php?story_id=023000QNX0I2
http://www.scmagazine.com/patreons-hack-exposes-data-on-23-million-users/article/443518/
examples for big data breaches
from the press since Sept. 2015
6. ||
We secure e.g. banking transactions by adding a further factor
2-Factor-Authentication
6 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Something you have:
mTAN / OTP
Something you know:
Password +
typically distributed to separate
device e.g. smartphone
Xura globally transports your OTP to the end users’ mobile devices through our
certified, highly secure platform with global reach and premium SLA options
Xura provides easy to integrate APIs to generate and verify OTPs
to secure e.g. your consumer based processes
Xura technology comes integrated with turn key strong authentication
by SMS Passcode to secure your internal systems
OTP transport
OTP APIs
OTP software
7. ||
while mobile attack scenarios are coming up to weaken the 2nd factor
(like by malware, SIM swap, HLR spoofing, etc.)
for internal systems many enterprises still trust in pure password authentication
Think smarter – next-gen multifactor authentication
Passcodes tomorrow
7 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Something you have:
mTAN / OTP
Something you know:
Password +
Xura and SMS Passcode raise security by adaptive multifactor authentication
Something you have:
Hardened mobile device
+
Added context relation:
Check of additional factors
+
Something you have:
PASSCODE
Something you are:
Biometrics
9. ||
trustego technology by Xura
enables secure mobile IP messaging
9 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
trustego is one of the most secure systems,
to receive mobile messages and PIN/mTAN
codes on a smartphone or tablet today
Global coverage via IP access (GSM + WLAN) and SMS fallback
Highest security standards, TÜV i-sec certificated
Branded, rich-media msgs with secure attachments and read receipt
Option of interactive click-based processes with highest usability
Available as trustego app, dedicated app solutions or trustego SDK
Binds messages to the users mobile identity (MSISDN) and device
Secured message transfer and storage
10. ||
trustego
advanced message design
10 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Secure Inbox and Archiv
(+ optional PIN Code Secure App)
Dynamic Sender &
Automated sender branding
(colour + logo)
Support for overlong text
and HTML format
Transportation of Rich
Media elements, links
and secure attachments
(e.g. images or pdfs)
Limited Validity of
message and action
(optionally)
Secure click-based interaction
over encrypted channel
(optionally)
11. ||
trustego
cutting edge mobile security
11 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Messages are delivered via a geo-redundant and regularly audited platform
in ISO/IEC 27001 certified colocations, reaching users anywhere and any time, in under 1 second.
Server side security with fraud detection. Signed and encrypted message transfer. Secure and encrypted local storage.
No attackable local algorithm for TAN / Token generation on the mobile device.
HTTP/S w. client certificate
Highest supported encryption
iOS key chain and own Android key chain
code obfuscation and anti-reverse-engineering
SteganographyJailbreak and Root detection
PIN lockMessage timeout
Message archive
Security updates
version check
HTTP POST / Header
One click authentication with encrypted backchannel
push notification
verifiable read receipttheft lock
13. ||
Your contacts
13 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Markus Behr
Director Professional Services
Acision Secure Communications GmbH
a Xura company
Phone: +49 (0) 89 20 17 27 64
Mobil: +49 (0) 172 8389 564
E-Mail: markus.behr@xura.com
Lars Gotlieb
Regional Manager DACH
SMS PASSCODE A/S
Phone: +49 (0) 89 99216 407
Mobile: +49 (0) 175 9572 602
E-Mail: lgo@smspasscode.com
Achieving
Customer Success
2000+customers
800k+users
99%customer satisfaction
14. ||14 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Think smarter – next-gen multifactor authentication
Passcodes tomorrow
14 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Something you have:
PASSCODE
Another example:
Password +
Launch the App Look at the camera Read the passphrase
Something you are:
Biometrics
Smartphone based
face and voice recognition
Proof who you are:
Video legitimation
Video and audio based identification
through Smartphone or Browser
PASSPORT
Editor's Notes
Moore‘s law
Mulit-Core CPUs and GPUs
Cloud computing power
----
Most „secure passwords“ still 8 characters
Together we are bigger, we reach further and we think smarter
Bigger means:
Behaving as a Industry leader in digital communication
• leveraging our market share to your advantage
• Evolving product portfolio to solve your business problems
Further means:
Helping you today but more importantly
Bridging you to where your destination is going to be
Advancing your technology needs along every conceivable evolution path
Smarter means:
Leveraging our 20+ years’ experience
• Powering innovation, especially in advanced IP solutions
Automated sender branding by the server improves message integrity
Together we are bigger, we reach further and we think smarter
Bigger means:
Behaving as a Industry leader in digital communication
• leveraging our market share to your advantage
• Evolving product portfolio to solve your business problems
Further means:
Helping you today but more importantly
Bridging you to where your destination is going to be
Advancing your technology needs along every conceivable evolution path
Smarter means:
Leveraging our 20+ years’ experience
• Powering innovation, especially in advanced IP solutions