Two factor Authentication
- 2. © 2014 SecurEnvoy
Ideal Solution
To Allow Secure Remote Access with 2FA
• Anywhere, Anytime, on Any device
• Strong security
• Consistent Simple User eXperience
• Cost Effective
iPad Smart Phone Home PC Business Lounge
AAA
Secure
UX
ROI
- 3. © 2014 SecurEnvoy
2FA Token Types
• Hard Tokens
• Certificates
• Push
• Adaptive Authentication
• Real Time SMS
• Preload SMS
• Soft Tokens Apps
• One Swipe
- 4. © 2014 SecurEnvoy
Hard Token
• Hardware Tokens
– Require distribution, synchronizing
– 30 year old technology
– Seed records known to vendors / governments
• Smart Cards
– Needs a reader and local driver software
– Require distribution, certificate management
• USB Sticks
– Local driver software
– Require distribution, certificate management
• User must carry the token
AAA Secure UX ROI
- 5. © 2014 SecurEnvoy
Certificates
• Enrolment authentication
• Only authenticate on this device
• Leaving identity everywhere
• What happens when?
– Cert Expires every year
– CA Expires every 5 years
– Device is upgraded or sold
X
AAA Sec UX ROI
- 6. © 2014 SecurEnvoy
One Identity is the Solution
SMS
Pre-Load On-Demand 3 Codes Periodic
Phone or
Tablet App
Laptop
X
X
X
• One Soft Token Identity
• Self Service “Manage My Token” portal
• Change many times @ no additional cost
- 7. © 2014 SecurEnvoy
Push Technologies
• Requires GSM DATA
• No unique Passcode
• Push sent to all devices
• No session locking
– Shoulder surfer connects just before?
AAA Sec UX ROI
- 8. © 2014 SecurEnvoy
Adaptive Authentication
Bob - Logs in from coffee shop
No Passcode Prompt
Bob - Logs in from home
No Passcode Prompted
Bob - Logs in from USA
Passcode Prompted
Bob - Logs in from airport
Passcode Prompt
AAA UX ROI
NOT a consistent user experience
- 9. © 2014 SecurEnvoy
The Problem
• SMS delivery delays
• Expect around 4% of SMS messages to take longer than 1 minute
• SLAs on delivery DON’T cover sending to the user’s phone
• Signal dead spots
• buildings with wide outer walls
• underground basements
• computer rooms
• Phone is used to connect to the internet
• Some phones can’t receive SMS when a data connection is active
“96% of texts are delivered within 10 seconds” source Vodafone
Real Time SMS
UserID & Pin SMS Sent to Phone
AAA Secure UX ROI
- 10. © 2014 SecurEnvoy
Something You Know
Something You Own
Andyk
P0stcode
956324
Next Required Passcode Sent To Phone (overwrites previous message)
Passcode
769310
Pre-Loaded SMS
AAA Secure UX ROI
- 11. © 2014 SecurEnvoy
SMS Gateway Delivery
Wrong Approach
• Limited SMS gateway options
• Tied to one provider
– Be wary of hidden costs
– International coverage
Correct Approach
• Multiple SMS gateway options
– Intelligent routing
– Redundant failover
– Multiple methods
– Competitive SMS providers bring lower costs
Telco SMS
Provider
- 14. © 2014 SecurEnvoy
Seed 1st Part
QRCode Scan
8 Digit Code
Seed 1st Part
Fingerprint of Phone
Seed 2nd Part
2nd Seed Part is recreated each time a passcode is crea
Random 1st Seed Part Created Locally
Seeds are NOT stored by SecurEnvoy
AES 256 Bit Encrypted
SEED Security
- 15. © 2014 SecurEnvoy
iPhone 4 iPhone 5
No Additional Cost To upgrade to a new phone
Old Seed Deleted
From Server
New Seed
Created
Soft Token - Upgrade Phone
AAA Secure UX ROI
- 17. © 2014 SecurEnvoy
One Swipe Via QRCode
Scan QRCode From Phone
Enter Pin
One Time QRCode
• No Phone Signal or Data Connection Required
• Automatic Time Sync to +/- 13 Hours GMT (any time zone)
- 18. © 2014 SecurEnvoy
Off-line or
behind a firewall
One Swipe
Don’t need to enter UserID
Don’t need to enter passcode
Don’t need to re-enter passcode
JUST PIN & SWIPE
No Signal
VPN Login
Templates
Isolated
- 20. © 2014 SecurEnvoy
2FA Token Types, Talk To Us @ Stand H10
• Hard Tokens
• Certificates
• Push
• Adaptive
• RealTime SMS
• Pre Load SMS
• Soft Token
• One Swipe
AAA Sec UX ROI
AAA Sec UX ROI
AAA UX ROI
AAA Secure UX ROI
AAA Secure UX ROI
AAA Secure UX ROI
AAA Secure UX ROI
AAA Secure UX ROI