Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

BigWP Security Keys

317 views

Published on

What are U2F security keys, and how do they improve security?

Published in: Technology
  • Be the first to comment

  • Be the first to like this

BigWP Security Keys

  1. 1. security keys
  2. 2. Paul Schreiberpaulschreiber@gmail.com @paulschreiber
  3. 3. know
  4. 4. are
  5. 5. have
  6. 6. NIST Special Publication 800-63BDigital Identity Guidelines Authentication and Lifecycle Management
  7. 7. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
  8. 8. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
  9. 9. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
  10. 10. Use of the PSTN for out-of-band verification is RESTRICTED as described in this section and in Section 5.2.10. If out-of-band verification is to be made using the PSTN, the verifier SHALL verify that the pre-registered telephone number being used is associated with a specific physical device. Changing the pre- registered telephone number is considered to be the binding of a new authenticator and SHALL only occur as described in Section 6.1.2. Verifiers SHOULD consider risk indicators such as device swap, SIM change, number porting, or other abnormal behavior before using the PSTN to deliver an out-of-band authentication secret.
  11. 11. yubico.com/gafw/ 50% off
  12. 12. os in-browser u2f support macOS iOS Linux Android Windows USB ✔ ✘ ✔ ✘ ✔ Bluetooth ✘ ✔ ✘ ✔ ✘ NFC ✘ ✘ ✘ ✔ ✘
  13. 13. github.com/
 Safari-FIDO-U2F/ Safari-FIDO-U2F
  14. 14. WebAuthn 
  15. 15. dongleauth.info
  16. 16. wordpress.org/ plugins/ two-factor/
  17. 17. wordpress.org/ plugins/ google-apps- login/
  18. 18. SSH
  19. 19. Many graphics from The Noun Project Computer by Azis; Credit card Gonzalo Bravo; Email by Bryn Taylor; Fingerprint by Ben Davis; Lock with keyhole by Brennan Novak; Nokia 3310 by Stan Fisher; Shield by Wayne Thayer; Star by Thays Malcher; Warning by Icomatic.

×