PASSWORDLESS IS POSSIBLE
How to remove passwords and improve security
Keith Graham | CTO | SecureAuth
May 25, 2017

AGENDA
+ The State of the Password
+ Results of SecureAuth & SC Magazine Survey
+ How Passwordless is Possible Today
+ Q&A

Billions are spent on network and endpoint security... but breaches still happen and are on the rise, 40% from 2015 to 2016
[Chart labels: Network Security, Endpoint Security, Identity Security. Values shown: $80 Billion, $5 Billion]

81% of breaches involved stolen credentials in 2016... which can't be stopped by network or endpoint security

Can we rely on the Password?
+ Users have 25+ active accounts
+ Simple passwords like "123456" are common
+ Passwords are written down
+ Strong passwords = complex UX

The password has become a "kind of a nightmare"
Prof. Fernando J. Corbato

Survey Results
What did SC Magazine and SecureAuth discover...

Q: What are your biggest IT security challenges for 2017?
46% Detecting when a breach has occurred
29% Implementing the right solution
20% Better end-user experience
19% Securing enough budget
17% Hiring the right staff

Q: Are you using password-only authentication today? Will you use passwords-only in 5 years?
[Chart values as listed on the slide: 14%, 50%. Labels as listed: In 5 years, Today]

Q: Beyond the password, what would you trust more?
[Chart values as listed on the slide: 17%, 26%, 46%. Labels as listed: Password + 2FA; Password + 2FA + risk analysis; Fingerprint + 2FA + risk analysis]

Q: What are some of the benefits of eliminating passwords?
57% Eliminate risk of stolen passwords being used by attackers
56% Removing risk from the security vulnerability of the human factor
45% Eliminate time spent entering multiple passwords
40% Eliminate requirements for complex passwords
36% Eliminate costs around password resets

Q: What is the top concern you have with eliminating passwords?
23% Ability to roll out across all applications
21% Do not believe removing passwords improves security!
17% User adoption challenges
13% Achieving regulatory compliance
13% Ability to monitor log-in attempts

Q: How likely are you to eliminate Passwords completely in the next 5 years?
[Chart values as listed on the slide: 11%, 25%, 25%, 39%. Labels as listed: Very Likely, Somewhat Likely, Somewhat Unlikely, Very Unlikely]

Survey Takeaways:
+ Detecting a breach is the #1 concern
+ 57% think removing passwords can help stop attacks
+ 62% think they can increase security or user experience without passwords
+ 77% believe they can roll out passwordless across all apps

How Passwordless is Possible Today

Layering Factors to Increase Security
[Diagram. Axis: Level of Trust/Confidence in Authentication. Labels: Single Factor Authentication; Two Factor Authentication; Knowledge (password); Knowledge (KBA); Hardware (OTP, TOTP, push-to-accept); Biometric (fingerprint, face, iris)]

Increasing Trust Without Passwords
[Diagram. Axis: Level of Trust/Confidence in Authentication. Labels: Single Factor Authentication; Two Factor Authentication; Passwordless Authentication; Knowledge (password); Knowledge (KBA); Hardware (OTP, TOTP, push-to-accept); Biometric (fingerprint, face, iris); Risk Analysis (multiple layers)]

Building Identity Confidence
By layering security, you can reduce your level of risk and increase your level of security

"By 2019, use of passwords and tokens in medium-risk use cases will drop 55% due to the introduction of recognition technologies."
* Gartner 2016 Trends

Going Passwordless won't happen overnight
+ Passwordless offers increased security and a great user experience
+ Enterprise architectures are complex
+ Passwordless may not be realistic in all use cases
+ Start with 2FA and adaptive, and use passwordless wherever possible

Q&A

THANK YOU
Copyright SecureAuth Corporation 2017
Contact SecureAuth to talk about how to start your passwordless journey.
Visit: www.secureauth.com/passwordless
