Today passwords aren't enough to keep your information safe. According to Lawless Research, 68% consumers say they want companies to provide extra security, such as 2FA, to protect personal information. Most online services have been quick to step up their authentication, but what about businesses? How do they stay safe and make sure only the right users access the right systems and data? Xura and SMS Passcode have been helping companies secure their data for over ten years. View slides from our co-hosted webinar, where we explored the latest developments in authentication across multiple platforms, and provided advice on best practices and tips on how to choose a solution right for you.

1. |
Passwords today, PASSCODES tomorrow
Webinar December 2nd, 2015
Markus Behr, Director Professional Services at Xura
Lars Gotlieb, Regional Manager DACH at SMS Passcode
02.12.2015
PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.151

2. ||
Why single factor authentication struggles after >30 years of usage
Passwords today
2 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
The easy principle of single factor authentication:
a password is something only you know
The problem with single factor authentication:
a password is no longer something only you know

3. ||
Our passwords are too easy
Passwords today
3 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Longest time to break your account
using one of the most common passwords:

4. ||
Our passwords are too short
Passwords today
4 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Modern CPUs/GPUs of standard computers
can try > 1 billion passwords per second
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with a numeric password 6 digits long 524017
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with an alphanumeric/special chars password 8 characters long §Zg71kö5
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with an alphanumeric password 10 characters long Tn5%w-9Uo2
Are you updating your secure password every 2 weeks?
Check yourself at Intel:
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account
with an alphanumeric password 7 characters long 8Dhr2Pz
http://content.time.com/time/interactive/0,31813,2048601,00.html

5. ||
Our passwords are not securely stored
Passwords today
5 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
http://www.inquisitr.com/2385536/225k-iphones-hacked-passwords-stolen-by-malware/
http://www.wired.co.uk/news/archive/2015-11/25/mr-grey-hacker-controls-12-billion-stolen-logins
http://thehackernews.com/2015/09/ashley-madison-password-cracked.html
http://thehackernews.com/2015/10/free-web-hosting-hacking.html
http://www.cio-today.com/article/index.php?story_id=023000QNX0I2
http://www.scmagazine.com/patreons-hack-exposes-data-on-23-million-users/article/443518/
examples for big data breaches
from the press since Sept. 2015

6. ||
We secure e.g. banking transactions by adding a further factor
2-Factor-Authentication
6 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Something you have:
mTAN / OTP
Something you know:
Password +
typically distributed to separate
device e.g. smartphone
Xura globally transports your OTP to the end users’ mobile devices through our
certified, highly secure platform with global reach and premium SLA options
Xura provides easy to integrate APIs to generate and verify OTPs
to secure e.g. your consumer based processes
Xura technology comes integrated with turn key strong authentication
by SMS Passcode to secure your internal systems
OTP transport
OTP APIs
OTP software

7. ||
while mobile attack scenarios are coming up to weaken the 2nd factor
(like by malware, SIM swap, HLR spoofing, etc.)
for internal systems many enterprises still trust in pure password authentication
Think smarter – next-gen multifactor authentication
Passcodes tomorrow
7 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Something you have:
mTAN / OTP
Something you know:
Password +
Xura and SMS Passcode raise security by adaptive multifactor authentication
Something you have:
Hardened mobile device
+
Added context relation:
Check of additional factors
+
Something you have:
PASSCODE
Something you are:
Biometrics

8. |8 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
trustego
hardened mobile devices

9. ||
trustego technology by Xura
enables secure mobile IP messaging
9 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
trustego is one of the most secure systems,
to receive mobile messages and PIN/mTAN
codes on a smartphone or tablet today
Global coverage via IP access (GSM + WLAN) and SMS fallback
Highest security standards, TÜV i-sec certificated
Branded, rich-media msgs with secure attachments and read receipt
Option of interactive click-based processes with highest usability
Available as trustego app, dedicated app solutions or trustego SDK
Binds messages to the users mobile identity (MSISDN) and device
Secured message transfer and storage

10. ||
trustego
advanced message design
10 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Secure Inbox and Archiv
(+ optional PIN Code Secure App)
Dynamic Sender &
Automated sender branding
(colour + logo)
Support for overlong text
and HTML format
Transportation of Rich
Media elements, links
and secure attachments
(e.g. images or pdfs)
Limited Validity of
message and action
(optionally)
Secure click-based interaction
over encrypted channel
(optionally)

11. ||
trustego
cutting edge mobile security
11 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Messages are delivered via a geo-redundant and regularly audited platform
in ISO/IEC 27001 certified colocations, reaching users anywhere and any time, in under 1 second.
Server side security with fraud detection. Signed and encrypted message transfer. Secure and encrypted local storage.
No attackable local algorithm for TAN / Token generation on the mobile device.
HTTP/S w. client certificate
Highest supported encryption
iOS key chain and own Android key chain
code obfuscation and anti-reverse-engineering
SteganographyJailbreak and Root detection
PIN lockMessage timeout
Message archive
Security updates
version check
HTTP POST / Header
One click authentication with encrypted backchannel
push notification
verifiable read receipttheft lock

12. |12 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Context adapted
multifactor security

13. ||
Your contacts
13 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Markus Behr
Director Professional Services
Acision Secure Communications GmbH
a Xura company
Phone: +49 (0) 89 20 17 27 64
Mobil: +49 (0) 172 8389 564
E-Mail: markus.behr@xura.com
Lars Gotlieb
Regional Manager DACH
SMS PASSCODE A/S
Phone: +49 (0) 89 99216 407
Mobile: +49 (0) 175 9572 602
E-Mail: lgo@smspasscode.com
Achieving
Customer Success
2000+customers
800k+users
99%customer satisfaction

14. ||14 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Think smarter – next-gen multifactor authentication
Passcodes tomorrow
14 PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15
Something you have:
PASSCODE
Another example:
Password +
Launch the App Look at the camera Read the passphrase
Something you are:
Biometrics
Smartphone based
face and voice recognition
Proof who you are:
Video legitimation
Video and audio based identification
through Smartphone or Browser
PASSPORT