
Beyond passwords: time for a change



  1. Beyond password: Time for a change. Olivier Potonniée, October 2013
  2. How can web applications authenticate their online users?
  3. Often…
  4. Passwords? RockYou social network, Dec 2009: 30,000,000 passwords [chart; figures as shown on the slide: 290,729 (1%), 40% uniques, 10,000 (0.03%), 24%, 1,000, 100: 5%, 12%]
  5. Attacks. Compromised passwords in 2013 (source: BitDefender): Living Social: 50 million; EverNote: 50 million; Drupal: 1 million; Twitter: 250,000 … [chart labels: Email 75%, Social]
  6. Strong Authentication: at least 2 of: something you know (password, PIN, etc.), something you have (card, mobile, etc.), something you are (biometrics). Independent, protected.
  7. Protiva Cloud Confirm
  8. (image only)
  9. I have an issue with smart cards
  10. (image only)
  11. Need to define YOUR solution: Secure, Convenient, Cheap
  12. Social Login. Identity reuse: simpler for users (no new identifier to remember); Single Sign-On (SSO); relieves the application of handling authentication itself. Privacy risks: traceability; disclosure of personal data.
  13. Authentication delegation
  14. Delegation protocols: SAML, OAuth
  15. A simple URL
  16. Authentication (OpenID Identity Provider). "Who are you?" Give him a certificate. Alice, email. (Nat Sakimura)
  17. Authentication via email. "Who are you?" Here's my email, give him a certificate. Alice, email, Identity Provider. Verifier: does this email belong to her?
  18. SAML Assertions (SAML Identity Provider). "Who are you?" Give him a certificate. Alice, email.
  19. OAuth: authorization to access personal data
  20. OAuth Authorization (OAuth Server). "Who are you?" Give him an access key. Alice.
  21. Authorization to access identity (OpenID Connect Server). "Who are you?" Give him an access key. Alice.
  22. Define YOUR solution: Confidentiality / personal data sharing? Pre-registration of the web application? Dependency on an identity provider? Authentication methods?
  23. THE Message. Passwords are bad: strong authentication. Too many identities is inconvenient: reuse identities (emails, social networks…). Authentication is a sensitive and potentially complex task: delegation, SSO. Privacy needs to be protected: don't ask for more data or access rights than needed.
  24. Thanks
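The delegation exchange sketched on slides 13 to 21 (Alice authenticates at an identity provider, which hands the web application a signed "certificate" or "access key" that the application then verifies), as an added example that is not part of the slides. It assumes the application pre-registered with the provider (slide 22) and shares an HMAC secret with it, a simplification of the asymmetric signatures real SAML and OpenID Connect use; all names, secrets and timestamps are constructed.

```python
# Added illustration, not from the slides: a minimal delegated-authentication
# assertion. The identity provider (IdP) issues it after Alice logs in; the
# application verifies signature, audience and expiry before trusting the email.
# Assumption: a pre-registered shared HMAC secret between IdP and application.
import base64
import hashlib
import hmac
import json


def _sign(secret: bytes, payload: bytes) -> str:
    """HMAC-SHA256 over the serialized claims, base64url-encoded."""
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def idp_issue_assertion(secret: bytes, email: str, audience: str,
                        scope: list, now: int, ttl: int = 300) -> str:
    """IdP side: 'give him a certificate' bound to one application (audience)
    and to the minimal scope the application asked for (slide 23)."""
    claims = {"sub": email, "aud": audience, "scope": scope,
              "iat": int(now), "exp": int(now) + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(secret, payload)


def app_verify_assertion(secret: bytes, token: str, expected_audience: str, now: int):
    """Application side: return the verified claims, or None if the assertion
    must not be trusted (forged, tampered, meant for another app, or expired)."""
    try:
        body_b64, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body_b64)
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    # Constant-time comparison so signature checking does not leak timing.
    if not hmac.compare_digest(_sign(secret, payload), sig):
        return None
    if claims.get("aud") != expected_audience:
        return None  # issued for another application; reject to stop replay
    if now >= claims.get("exp", 0):
        return None  # stale assertion
    return claims


if __name__ == "__main__":
    # Constructed demo values (not from the slides).
    secret = b"constructed-shared-secret-between-idp-and-app"
    token = idp_issue_assertion(secret, "alice@example.com", "app.example", ["email"], now=1_700_000_000)
    print(app_verify_assertion(secret, token, "app.example", now=1_700_000_010))
```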
