Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

•Download as PPTX, PDF•

0 likes•110 views

FIDO Alliance

FIDO Seminar RSAC 2024

PROPRIETARY AND CONFIDENTIAL 1
Harnessing Passkeys
in the Battle Against
AI-Powered Cyber
Threats
Bojan Simic
HYPR CEO & Co-Founder

PROPRIETARY AND CONFIDENTIAL 2
Hackers don’t
break in.
They log in.

PROPRIETARY AND CONFIDENTIAL 3
Phishing
Passwords and MFA
Credential Stuffing
Using Leaked
Passwords
Malware &
Keyloggers
Steal Credentials
Social Engineering
to Obtain Credentials
How Hackers Are Using AI to “Log in”

PROPRIETARY AND CONFIDENTIAL 4
Existing Identity Security Controls are Insufficient
PUSH/OTP/SMS MFA Bypass is Automated
AI is Great at Guessing Users’ Passwords
Social Engineering is Easier Than Ever
Endpoints Don’t Protect Credentials
‘10,000 Microsoft Customers
Targeted in Phishing Attack That
Bypasses Multifactor Authentication’
‘Major Casino Chain
Hacked After Tricking IT
Service Desk’
‘Hackers Are Using AI To Steal
Bank Account Passwords’
‘Password Stealing and
Keylogging Malware is Being
Spread Through Fake Downloads’
BREAKING
NEWS

PROPRIETARY AND CONFIDENTIAL 5
The (Identity) Chain is Only as Strong as Its Weakest Link
User
Onboarding
Authentication
Password and
MFA Reset
Endpoint Access

PROPRIETARY AND CONFIDENTIAL 6
How Passkeys Make The Difference
User Onboarding
2nd
Interview
Require usage of
passkey
HR
Onboarding
I-9 Document
Verification & Verify
Passkey
Account
Provisioning
Verify passkey & gant
access
1st
Interview
Verify user identity &
create device bound
passkey

PROPRIETARY AND CONFIDENTIAL 7
Authentication Password & MFA Reset
How Passkeys Make The Difference

Vulnerable to AI
Enabled Phishing
Kits
& Social
Engineering
Vulnerable to AI
Enabled Phishing Kits
& Social Engineering
Vulnerable to
Social
Engineering
Attacks
Web & Mobile Apps password SMS OTP
Password + Legacy MFA
App
User Support Desk
Web Authentication Often Relies on Phishable Authentication. AI is Great at Phishing!
Access Point
Primary
Authentication
Fallback
Authentication
Authentication
Reset

Web & Mobile Apps
User
Passkeys Can Stop Many AI Phishing & Social Engineering in Their Tracks
Passkey on
Mobile Device
Secondary Mobile or
Security Key
Multiple Factors
Without
Passwords
Authentication
is Always
Phishing
Resistant
Credential
Provisioning
Protected from
Social
Engineering
Access Point
Primary
Authentication
Fallback
Authentication
Authentication
Reset
Synced Passkey
Presence + IDV

PROPRIETARY AND CONFIDENTIAL 10
How Passkeys Make The Difference
Endpoint Access

Primary
Authentication
Fallback
Authentication
User
Passkeys are
bound to specific
device
Easy to Phish and
Can Be
Intercepted by
Malware &
Keyloggers
Windows + Mac password
Access Point
Endpoint Access Often Falls Back to Insecure Methods
Windows Hello
Touch ID

User Windows + Mac
Windows Hello
Touch ID
HYPR Provides Phishing Resistance and Security for Credential Lifecycle
Mobile Passkey or
Security Key
Multiple Factors
Without Passwords
Authentication is
Always Phishing
Resistant
No Credentials for
Malware or Keyloggers
to Intercept
Access Point
Primary
Authentication
Fallback
Authentication

PROPRIETARY AND CONFIDENTIAL 13
The Identity Chain is Made Strong With Passkeys!
User
Onboarding
Authentication
Password and
MFA Reset
Endpoint Access

PROPRIETARY AND CONFIDENTIAL 14
Thank You!
bojan@hypr.com
@bojansimic
linkedin.com/in/bojansimic

In the wake of 2005 FFIEC regulation calling for stronger security methods, financial institutions have adopted two-factor authentication (2FA) as a means to mitigate online fraud. Historically 2FA measures such as security questions, one time passwords, physical tokens, SMS authentications and USB tokens have been able to effectively stop fraud attacks. However, in the fast paced arms race that is the war against financial crime, cybercriminals are starting to take the upper hand by developing increasingly sophisticated techniques that bypass 2FA. In this presentation, Ori Bach, Senior Security Strategist at IBM Trusteer demonstrates several of the 2FA beating techniques and explains how cybercriminals: - Highjack authenticated banking sessions by directly taking over victims computers - Make use fake overlay messages to trick victims to surrender their tokens - Beat one time passwords sent to mobile devices - Purchase fraud tool-kits to bypass 2FA View the on-demand recording: https://attendee.gotowebinar.com/recording/6080887905844019714

Securing corporate assets_with_2_faHai Nguyen

AI And Cyber-security Threats

Spotle.ai

Securing sensitive accounts with MFA and Behavioral Biometrics

DefCamp

Compromised data requires our undivided attention. There are too many examples of data breaches and cyber-attacks which resulted not only in enormous financial losses but also in public exposure of sensitive information. But studies show that 4 out of 5 data breaches can be prevented with two-factor authentication (2FA). In the presentation, I will showcase an example of a data breach from one of our customers, and the solution we proposed to fight future malicious activities. The topics of discussion will also include behavioral biometrics as a 2FA method as well as other types of factors which we encourage companies to adopt as additional layers of security. This presentation was showcased during Ladies in Cyber Security, an event organised by DefCamp and Cyber Security Research Center from Romania - CCSIR.

There is no debate that companies large or small are more or less have put a lot of efforts in protect digital security and privacy with “best practice” recommendations, often use solutions from branded security vendors or built by best in-house/outsourced experts, yet they are falling prey of cyber and insider attacks, because “compliance” or “best practice” do not equal to security. The reality has shown us that traditional security approaches have fall behind the increased system complexity and advanced technical capabilities that have been mastered by adversaries. The key weakness in our security defenses lies with the weakness of digital identities systems have been used to authenticate users (no system could defends against attacker impersonates legitimate user); follow by inability to validate the authenticity and integrity of communication (If attacker can temper with the data freely, then no need to crack the one time password) and finally incapable of protecting information from unauthorized accesses in an event of inevitable security breach because unknown system or application security vulnerabilities. FrontOne’s information security solution addresses all security weakness listed above: First, FrontOne uses its own digital identity that is harden to withstand advanced hackers using sophisticated real time attacks and help all its users from falling prey of identity thieves from phishing and malware attacks at client side to advanced persistent threats at the server side, because FrontOne’s digital identity is dynamic and non-transferable. Second, FrontOne provides 100% message integrity by using dedicated and destination aware messaging system and ensure each and every message is completely unique; reducing the chance of attackers from being able to identifying and manipulating it for their benefit. Finally, FrontOne uses its own method of protecting information at rest, in transit or in use, by focusing our innovation at the security and integrity of encryption key while using industry standardized cryptography. FrontOne’s user centric data protection solution uses dual control for its encryption keys. Random encryption key is protected with security key that has two parts, one part from the client side and other from the centralized key server. This arrangement ensures that access to protected data is available with the presence of the user device of the authorized user. The security approaches FrontOne have taken above are further strengthened with its own patented technologies that introduce a dynamic element is each and every message and transaction, mutually authenticate both parties before a request is served and providing user with ultimate control that is not accessible digitally.

Authshield integration with mails

AuthShield Labs

ForgeRock and Trusona - Simplifying the Multi-factor User Experience

ForgeRock

Authentication and MFA is no longer a one-mode-fits-all experience. Customer-centric companies need flexible intelligence models and simple, consistent login journeys across channels—web, call center, mobile—without being forced to bolt MFA on top of usernames and passwords. ForgeRock’s VP, Global Strategy and Innovation, Ben Goodman, and Trusona’s Chief Design Officer, Kevin Goldman, explain how ForgeRock combined with Trusona creates a broad range of multi-factor authentication modalities all with a consistent user experience, including primary MFA without usernames, passwords or typing whatsoever. Bonus: Trusona will reveal findings from the first-ever passwordless MFA behavioral research.

PowerPoint Presentation On Ethical Hacking in Brief (Simple)

Shivam Sahu

How to Protect Your Company from Broken Authentication Attacks?

Caroline Johnson

EDU 01SEMINAR.pdf

JihithaJP

The 10 most trusted authentication solution providers of 2021

CIO Look Magazine

SolusDeckandreeabrodo

Apache Milagro Presentation at ApacheCon Europe 2016

Brian Spector

Apache Milagro (incubating) establishes a new internet security framework purpose-built for cloud-connected app-centric software and IoT devices that require Internet scale. Milagro's purpose is to provide a secure, free, and positive open source alternative to centralised and proprietary monolithic trust providers such as commercial certificate authorities and the certificate backed cryptosystems that rely on them. Milagro is an open source, pairing-based cryptographic platform that delivers solutions for device and end user authentication, secure communications and fintech / blockchain security; issues challenging Cloud Providers and their customers. It does this without the need for certificate authorities, putting into place a new category of service providers called Distributed Trust Authorities (D-TA®). Milagro's M-Pin® protocol, and its existing open-source MIRACL® implementation on which MILAGRO is built, is already in use by Experian, NTT, Ingram Micro, and Gov.UK and rolled out to perform at Internet scale for Zero Password® multi-factor authentication and certificate-less HTTPS / secure channel.

FIDO UAF Specifications: Overview & Tutorial

FIDO Alliance

FIDO UAF (Universal Second Factor Framework) Specifications: Overview & Tutorial by Todd Thiemann, Nok Nok Labs The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

Security Primer

Alison Gianotto

Image-Based Authentication from Confident Technologies

Confident Technologies

Going beyond MFA(Multi-factor authentication)-Future demands much more

indragantiSaiHiranma

Automated Onboarding, Identity Verification and Strong Authentication are all needed by future-readiness businesses that demand rapid evolution for their businesses transformation and growth. These 3 features form the core in hyper volume-velocity with remote working and BYO-focused workplace for every business too. End users and employee as understand the need for efficient solid identity verification security, but they expect technology to be simple, convenient, and fast. With decreased visibility and increased complexity, IT is more challenged than ever to manage authentication across a hybrid an environment without disrupting end-user

How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...

Intellipaat

How I'd hack into your business and how you can stop me!

AVG Technologies AU

Protect your Privacy

Marcos Lopez-Carlson

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf

FIDO Alliance

Similar to Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf

seotechinator

How AI used in cybersecurity

ArjitDas2

AY - Adaptive Access ControlAdrian Young

The Evolution of Authentication: Passwordless Solutions and Digital Identity ...

Caroline Johnson

FrontOne our new and different solutions

frontone

Authshield integration with mails

AuthShield Labs

ForgeRock and Trusona - Simplifying the Multi-factor User Experience

ForgeRock

PowerPoint Presentation On Ethical Hacking in Brief (Simple)

Shivam Sahu

How to Protect Your Company from Broken Authentication Attacks?

Caroline Johnson

EDU 01SEMINAR.pdf

JihithaJP

The 10 most trusted authentication solution providers of 2021

CIO Look Magazine

SolusDeckandreeabrodo

Apache Milagro Presentation at ApacheCon Europe 2016

Brian Spector

FIDO UAF Specifications: Overview & Tutorial

FIDO Alliance

Security Primer

Alison Gianotto

Image-Based Authentication from Confident Technologies

Confident Technologies

Going beyond MFA(Multi-factor authentication)-Future demands much more

indragantiSaiHiranma

How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...

Intellipaat

How I'd hack into your business and how you can stop me!

AVG Technologies AU

Protect your Privacy

Marcos Lopez-Carlson

Similar to Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx (20)

techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf

How AI used in cybersecurity

AY - Adaptive Access Control

The Evolution of Authentication: Passwordless Solutions and Digital Identity ...

FrontOne our new and different solutions

Authshield integration with mails

ForgeRock and Trusona - Simplifying the Multi-factor User Experience

PowerPoint Presentation On Ethical Hacking in Brief (Simple)

How to Protect Your Company from Broken Authentication Attacks?

EDU 01SEMINAR.pdf

The 10 most trusted authentication solution providers of 2021

SolusDeck

Apache Milagro Presentation at ApacheCon Europe 2016

FIDO UAF Specifications: Overview & Tutorial

Security Primer

Image-Based Authentication from Confident Technologies

Going beyond MFA(Multi-factor authentication)-Future demands much more

How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...

How I'd hack into your business and how you can stop me!

Protect your Privacy

Recently uploaded

Knowledge engineering: from people to machines and back

Elena Simperl

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

The Future of Platform Engineering

Jemma Hussein Allen

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Recently uploaded (20)