THE PASSWORD IS DEAD
An Argument for Multifactor Biometric Authentication
© 2016 Veridium All Rights Reserved
BEFORE WE BEGIN
Attendees have been muted.
You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session.
BEFORE WE BEGIN
John Callahan, PhD
Chief Technology Officer
• PhD in Computer Science from University of Maryland, College Park
• Former Associate Director at the Office of Naval Research, Global, London office
• Previously Research Director at the NASA Independent Verification and Validation Facility
AGENDA
• History of username & password
• Password complexity is failing
• Biometrics
  • Physiological and behavioral
• Privacy needs for biometric data
HISTORY OF USERNAME AND PASSWORD
A TIME OF CRISIS
• The password is nearly 40 years old
• Username doesn’t truly represent Identity
NUMBER OF ACCOUNTS
Most people have 10-20 online accounts…
…and you are asked to use a different password for all of them!
A FLUX POINT
• Passwords alone are no longer adequate for cybersecurity
COST OF CHURN
• Best practice is to change passwords every three months
• These password resets cost time and money
HELP DESK COSTS
• Lost password resets also cost time and money
• These costs are beyond tolerable
COMPROMISES EXACERBATE LOSS
• Lost/Stolen passwords contribute to other database compromises
• Users often reuse passwords
• Complexity rules become predictable
PASSWORD COMPLEXITY IS FAILING
COMPLEXITY RULES
• Frequency of change
• Minimum Length
• Mixture of “ulsd” (upper, lower, special, digit)
• Topologies
• Difficulty meters: A risk themselves
COMPLEXITY RULES (CONT.)
Credit: XKCD
ANALYSIS
Source: Rick Redman’s OWASP AppSec USA 2014 talk (three slides of charts)
Figure: Top 50 Most Commonly Used Topology IDs Across All Samples
Figure: Frequency of Common Topologies Across All Samples (y-axis: Percent of Passwords Matching Given Pattern per Sample Set)
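The claim that complexity rules funnel users into a few predictable topologies can be checked on any password sample an organization is entitled to audit. The following Python is an added example (not code from the talk, from Veridium, or from Rick Redman's tooling): it scores a constructed list of policy-compliant passwords against an "ulsd" rule, maps each one to its topology mask, and measures how concentrated the masks are. The collapsed mask (runs of one class merged) is a generalization beyond the exact masks shown on the slides; every password in the sample is constructed for illustration.

```python
from collections import Counter

# Constructed sample of passwords that all satisfy a typical complexity policy.
# These are illustrative strings, not data from the talk or from any breach.
SAMPLE_PASSWORDS = [
    "Password1!", "Summer2016!", "Welcome1!", "Baseball7?", "Qwerty12#",
    "Monkey99!", "Letmein1!", "Dragon22$", "Changeme1!", "Admin123!",
    "Pa55w0rd!", "Tr0ub4dor&3", "!Secret99", "correct1Horse!", "January01*",
]


def char_class(c: str) -> str:
    """Classify one character as u (upper), l (lower), d (digit) or s (special)."""
    if c.isupper():
        return "u"
    if c.islower():
        return "l"
    if c.isdigit():
        return "d"
    return "s"


def meets_ulsd_policy(pw: str, min_len: int = 8) -> bool:
    """The 'ulsd' mixture rule from the talk: a minimum length plus at least
    one character from each of the four classes."""
    return len(pw) >= min_len and {char_class(c) for c in pw} == {"u", "l", "d", "s"}


def topology(pw: str) -> str:
    """Exact topology mask, e.g. 'Password1!' -> 'ulllllllds'."""
    return "".join(char_class(c) for c in pw)


def collapsed_topology(pw: str) -> str:
    """Coarser mask with runs of one class merged, e.g. 'Summer2016!' -> 'ulds'.
    (Added generalization; the slides count exact masks only.)"""
    out = []
    for cls in topology(pw):
        if not out or out[-1] != cls:
            out.append(cls)
    return "".join(out)


def topology_histogram(passwords, collapsed: bool = False) -> Counter:
    """How many passwords share each mask."""
    fn = collapsed_topology if collapsed else topology
    return Counter(fn(p) for p in passwords)


def coverage_of_top(passwords, n: int, collapsed: bool = False) -> float:
    """Fraction of the sample explained by the n most common masks: the higher
    this is, the more predictable the policy has made the population."""
    hist = topology_histogram(passwords, collapsed)
    return sum(count for _, count in hist.most_common(n)) / len(passwords)


def audit(passwords=SAMPLE_PASSWORDS) -> dict:
    """Summary a policy owner would look at: everything passes the rule, yet a
    handful of masks describe most of the set."""
    return {
        "all_pass_policy": all(meets_ulsd_policy(p) for p in passwords),
        "distinct_exact_masks": len(topology_histogram(passwords)),
        "top3_exact_coverage": coverage_of_top(passwords, 3),
        "top1_collapsed_coverage": coverage_of_top(passwords, 1, collapsed=True),
    }


if __name__ == "__main__":
    for mask, count in topology_histogram(SAMPLE_PASSWORDS).most_common(5):
        print(f"{mask:16} {count}")
    print(audit())
```

On this sample every password satisfies the rule, yet three exact masks describe more than half of it and a single collapsed mask ("ulds": capital, lowercase run, digits, symbol) describes eleven of fifteen. That concentration, not the per-character entropy a difficulty meter reports, is what the slides' topology charts measure.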
PASSWORD VAULTS
• Examples
  • LastPass
  • 1Password
  • Browser extensions
• Single point of failure
• Non-portable w/o risk of compromise
TWO-FACTOR AUTHENTICATION (2FA)
• An additional step AFTER username & password
• The one real cybersecurity improvement in 20 years
• Channels
  • SMS (Twitter & Apple)
  • Google Authenticator (software app)
  • RSA dongle (hardware)
  • Bingo card (A1, F3, H1)
PROBLEMS WITH 2FA
• Fails if device(s) lost or stolen
• NIST recently (25 July 2016) recommended against SMS
• SMS can be intercepted/redirected
• Codes can be “swiped” if they appear in lock-screen notifications
• The algorithms used to generate the 2FA codes can be cracked
• 2FA codes can be “phished” from the user
Biometrics: The next portable 2FA?
BIOMETRICS
BIOMETRICS: THE PASSWORD IS YOU
Physiological
• Face
• Fingerprint
• Hand
• Iris
• Voice
• DNA
• …
Behavioral
• Keystroke
• Signature
• Voice
• Date/Time
• Geolocation
• …
Divided, none of these are perfect.
Combined, they are a much more robust form of authentication.
A HISTORY OF POOR STARTS, BUT HOPE REMAINS ETERNAL
There have been many attempts at biometrics, but mobile devices have changed the game entirely.
FIDO STANDARD
Mobile storage & authentication
Source: FIDO Alliance
IEEE 2410 BOPS
IEEE 2410 Biometric Open Protocol Standard (BOPS)
Mobile – FIDO-compliant
Or, split mobile-server
VERIDIUMID AUTHENTICATION
VERIDIUMID ENROLLMENT
AVAILABLE BIOMETRIC PLUGINS
• Touch ID/Android Fingerprint
• 4 Fingers TouchlessID
• Face
• Iris
• Voice
• Behavioral
And whatever the next biometric on the horizon is…
GOOGLE ABACUS
• Behavioral
• Multifactor
• Trust Score
PRIVACY NEEDS FOR BIOMETRIC DATA
YOUR PHYSICAL BIOMETRICS DO NOT CHANGE
• Cannot change your biometrics like you can a password
• Therefore, they must be carefully protected
• This is why regulations have been created for:
  • Storage
  • Transport
  • Encryption
REGULATIONS ON BIOMETRIC DATA PRIVACY
PRIVACY PROTECTION
• Split Biometric: 1/2 on server & 1/2 on mobile or desktop device
• Server- and Client-side PKI certificates
• Behavioral patterns for risk management
• Business rules require multifactor authentication steps
SPLITTING BIOMETRIC VECTORS
MATCHING WITH SPLIT BIOMETRICS
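The splitting and matching slides are diagrams, so the property the "1/2 on server & 1/2 on device" bullet relies on is worth making concrete. The following Python is an added example and is not Veridium's or BOPS's own scheme: it treats the template as a fixed-length bit vector, splits it with 2-of-2 XOR secret sharing so that each half alone is uniformly random, and then matches a fresh probe by Hamming distance without either party ever holding the whole template. The 256-bit template, the two probes and the 25% threshold are all constructed for the demonstration.

```python
import hashlib
import secrets

# Constructed "template": 256 bits standing in for a fixed-length biometric
# feature vector (e.g. a binarized iris or face code). Derived from a fixed
# string only so the example is reproducible; a real one comes from the sensor.
TEMPLATE = hashlib.sha256(b"constructed enrollment sample").digest()
MATCH_THRESHOLD = 0.25  # max fraction of differing bits to accept (illustrative)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_template(template: bytes) -> tuple:
    """2-of-2 XOR secret sharing at enrollment. The device share is uniformly
    random, so the server share (template XOR device share) is uniformly random
    as well: neither half on its own reveals anything about the template."""
    device_share = secrets.token_bytes(len(template))
    server_share = xor_bytes(template, device_share)
    return device_share, server_share


def reconstruct_template(device_share: bytes, server_share: bytes) -> bytes:
    return xor_bytes(device_share, server_share)


def normalized_hamming(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length vectors."""
    diff = xor_bytes(a, b)
    return sum(bin(byte).count("1") for byte in diff) / (8 * len(diff))


def match_with_split_shares(probe: bytes, device_share: bytes, server_share: bytes,
                            threshold: float = MATCH_THRESHOLD) -> bool:
    """Matching without reassembling the template in one place: the device
    sends probe XOR device_share; the server XORs in its own share, which
    yields probe XOR template, i.e. exactly the differing bits. The server
    learns the difference pattern but never the template or the probe."""
    masked_probe = xor_bytes(probe, device_share)        # device side
    difference = xor_bytes(masked_probe, server_share)   # server side
    bits_differing = sum(bin(b).count("1") for b in difference)
    return bits_differing / (8 * len(difference)) <= threshold


def flip_bits(data: bytes, positions) -> bytes:
    """Simulate sensor noise (genuine user) or a different subject (impostor)."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


# Constructed probes: a genuine capture with 20 of 256 bits flipped by noise,
# and an impostor whose code differs from the template in exactly half the bits.
GENUINE_PROBE = flip_bits(TEMPLATE, range(0, 256, 13))
IMPOSTOR_PROBE = flip_bits(TEMPLATE, range(0, 256, 2))


def demo() -> dict:
    device_share, server_share = split_template(TEMPLATE)
    return {
        "reconstructs": reconstruct_template(device_share, server_share) == TEMPLATE,
        "server_share_vs_template": normalized_hamming(server_share, TEMPLATE),  # ~0.5
        "genuine_accepted": match_with_split_shares(GENUINE_PROBE, device_share, server_share),
        "impostor_accepted": match_with_split_shares(IMPOSTOR_PROBE, device_share, server_share),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the split is that a breach of the server store yields shares that are indistinguishable from random bytes, and a stolen device yields the same. What the server does learn during a match is the bit-difference pattern, which is why the slide pairs the split with client- and server-side PKI certificates for the transport and with business rules deciding when a match may be attempted at all.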
THE PASSWORD IS DEAD
• Biometrics are already replacing 2FA
• Multifactor Authentication, including biometrics, is proving to be highly effective.
• But will biometrics replace passwords completely?
QUESTIONS?
www.VeridiumID.com
info@VeridiumID.com
Twitter: @Veridium
Request a demo at:
www.VeridiumID.com/Contact-Us
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 

The Password Is Dead: An Argument for Multifactor Biometric Authentication

  • 1. An Argument for Multifactor Biometric Authentication: THE PASSWORD IS DEAD © 2016 Veridium All Rights Reserved
  • 2. BEFORE WE BEGIN: Attendees have been muted. You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session.
  • 3. BEFORE WE BEGIN: John Callahan, PhD, Chief Technology Officer • PhD in Computer Science from University of Maryland, College Park • Former Associate Director at the Office of Naval Research, Global, London office • Previously Research Director at the NASA Independent Verification and Validation Facility
  • 4. AGENDA • History of username & password • Password complexity is failing • Biometrics • Physiological and behavioral • Privacy needs for biometric data
  • 5. HISTORY OF USERNAME AND PASSWORD
  • 6. A TIME OF CRISIS • The password is nearly 40 years old • Username doesn’t truly represent identity
  • 7. NUMBER OF ACCOUNTS: Most people have 10-20 online accounts… …and you are asked to use a different password for all of them!
  • 8. A FLUX POINT • Passwords alone are no longer adequate for cybersecurity
  • 9. COST OF CHURN • Best practice is to change passwords every three months • These password resets cost time and money
  • 10. HELP DESK COSTS • Lost password resets also cost time and money • These costs are beyond tolerable
  • 11. COMPROMISES EXACERBATE LOSS • Lost/stolen passwords contribute to other database compromises • Users often reuse passwords • Complexity rules become predictable
  • 12. PASSWORD COMPLEXITY IS FAILING
  • 13. COMPLEXITY RULES • Frequency of change • Minimum length • Mixture of “ulsd” (upper, lower, special, digit) • Topologies • Difficulty meters: a risk themselves
  • 14. COMPLEXITY RULES (CONT.) Credit: XKCD
  • 15. ANALYSIS Source: Rick Redman’s OWASP AppSec USA 2014 talk
  • 16. ANALYSIS Source: Rick Redman’s OWASP AppSec USA 2014 talk
  • 17. ANALYSIS [Charts: Top 50 Most Commonly Used Topology IDs Across All Samples; Frequency of Common Topologies Across All Samples (y-axis: Percent of Passwords Matching Given Pattern per Sample Set)] Source: Rick Redman’s OWASP AppSec USA 2014 talk
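Slides 13 to 17 argue that complexity rules make users predictable because most policy-compliant passwords collapse into a handful of character-class "topologies". As an added example (not from the deck, not Veridium's code and not Rick Redman's data), the following Python audit maps each password to its mask in the "ulsd" notation of slide 13 and reports how concentrated the masks are under an assumed "eight characters, three of four classes" rule. The sample passwords, the policy function and the report format are constructed for illustration.

```python
"""Password topology audit: an added example, not part of the Veridium deck.

Reproduces the idea behind Rick Redman's topology analysis on a small
constructed sample: map each password to a character-class mask, then
measure how concentrated the masks are among policy-compliant passwords.
"""
from collections import Counter


def char_class(ch: str) -> str:
    """Map a character to the 'ulsd' class letters used on slide 13:
    u = upper, l = lower, d = digit, s = special (everything else)."""
    if ch.isupper():
        return "u"
    if ch.islower():
        return "l"
    if ch.isdigit():
        return "d"
    return "s"


def topology(password: str) -> str:
    """Character-class mask, e.g. 'Summer2016!' -> 'ullllldddds'."""
    return "".join(char_class(c) for c in password)


def meets_policy(password: str, min_len: int = 8, min_classes: int = 3) -> bool:
    """Assumed complexity rule: minimum length and at least three of the
    four 'ulsd' classes. A typical corporate rule, not one from the deck."""
    classes = {char_class(c) for c in password}
    return len(password) >= min_len and len(classes) >= min_classes


def topology_report(passwords, top_n: int = 5):
    """Return (compliant_count, rows): rows lists the top_n topologies
    among policy-compliant passwords as (mask, count, percent)."""
    compliant = [p for p in passwords if meets_policy(p)]
    counts = Counter(topology(p) for p in compliant)
    total = len(compliant)
    rows = [(mask, n, round(100.0 * n / total, 1))
            for mask, n in counts.most_common(top_n)]
    return total, rows


def top_share(passwords, top_n: int = 4) -> float:
    """Percent of compliant passwords covered by the top_n topologies:
    the higher this is, the more predictable the policy makes its users."""
    total, rows = topology_report(passwords, top_n)
    return round(100.0 * sum(n for _, n, _ in rows) / total, 1)


# Constructed sample of policy-compliant passwords (illustration only).
SAMPLE = [
    "Summer2016!", "Winter2015!", "Passw0rd!", "Welcome1!", "Monday01!",
    "Qwerty12!", "Football7!", "Baseball9!", "Letmein1!", "Company1!",
    "Admin123", "Change!Me1", "J3ll0_b3ans", "xK9#pL2$vQ", "Welcome2",
]

if __name__ == "__main__":
    total, rows = topology_report(SAMPLE)
    print(f"{total} compliant passwords")
    for mask, n, pct in rows:
        print(f"{mask:<14} {n:>3} {pct:>6.1f}%")
    print(f"top 4 topologies cover {top_share(SAMPLE)}% of the sample")
```

Run against a real password-policy export (hashes never needed, only the masks), `top_share` is the number to watch: a policy whose top few masks cover most of the population is giving an attacker's mask-ordering strategy exactly the head start slide 11 warns about.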
  • 18. PASSWORD VAULTS • Examples: LastPass, 1Password, browser extensions • Single point of failure • Non-portable without risk of compromise
  • 19. TWO-FACTOR AUTHENTICATION (2FA) • An additional step AFTER username & password • The one real cybersecurity improvement in 20 years • Channels: SMS (Twitter & Apple), Google Authenticator (software app), RSA dongle (hardware), bingo card (A1, F3, H1)
  • 20. PROBLEMS WITH 2FA • Fails if device(s) lost or stolen • NIST recently (25 July 2016) recommended against SMS • SMS can be intercepted/redirected • Codes can be “swiped” if they appear in lock-screen notifications • The algorithms used to generate the 2FA codes can be cracked • 2FA codes can be “phished” from the user. Biometrics: the next portable 2FA?
  • 21. BIOMETRICS
  • 22. BIOMETRICS: THE PASSWORD IS YOU • Physiological: face, fingerprint, hand, iris, voice, DNA, … • Behavioral: keystroke, signature, voice, date/time, geolocation, … Divided, none of these are perfect. Combined, they are a much more robust form of authentication.
  • 23. A HISTORY OF POOR STARTS, BUT HOPE REMAINS ETERNAL: There have been many attempts at biometrics, but mobile devices have changed the game entirely.
  • 24. FIDO STANDARD: Mobile storage & authentication. Source: FIDO Alliance
  • 25. IEEE 2410 BOPS: IEEE 2410 Biometric Open Protocol Standard (BOPS) • Mobile – FIDO-compliant • Or, split mobile-server
  • 26. VERIDIUMID AUTHENTICATION
  • 27. VERIDIUMID ENROLLMENT
  • 28. AVAILABLE BIOMETRIC PLUGINS - Touch ID/Android Fingerprint - 4 Fingers TouchlessID - Face - Iris - Voice - Behavioral. And whatever the next biometric on the horizon is…
  • 29. GOOGLE ABACUS • Behavioral • Multifactor • Trust score
  • 30. PRIVACY NEEDS FOR BIOMETRIC DATA
  • 31. YOUR PHYSICAL BIOMETRICS DO NOT CHANGE • Cannot change your biometrics like you can a password • Therefore, they must be carefully protected • This is why regulations have been created for: storage, transport, encryption
  • 32. REGULATIONS ON BIOMETRIC DATA PRIVACY
  • 33. PRIVACY PROTECTION • Split biometric: 1/2 on server & 1/2 on mobile or desktop device • Server- and client-side PKI certificates • Behavioral patterns for risk management • Business rules require multifactor authentication steps
  • 34. SPLITTING BIOMETRIC VECTORS
  • 35. MATCHING WITH SPLIT BIOMETRICS
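Slides 33 to 35 describe keeping half of the biometric on the server and half on the device, and matching only with both halves present, but the deck does not say how the split is done. As an added illustration (not Veridium's or BOPS's scheme, and not code from the deck), the following Python uses a 2-of-2 XOR secret-sharing split, one simple way to get that property: each share alone is a uniformly random string, so a breach of either store on its own discloses nothing about the template, and a fresh capture can be compared only after the shares are recombined. The 256-bit template, the Hamming-distance matcher, the bit-flip "noisy probe" and the threshold are all constructed for illustration.

```python
"""Split-template storage and matching: an added illustration, not
Veridium's or BOPS's scheme. A binary template is split with 2-of-2 XOR
secret sharing; one share lives on the server, one on the device, and a
fresh probe can be matched only after the two are recombined."""
import os


def split_template(template: bytes, rand=os.urandom):
    """Return (server_share, device_share). The server share is random and
    the device share is template XOR server share, so each share on its
    own is uniformly random: losing one store reveals nothing."""
    server_share = rand(len(template))
    device_share = bytes(a ^ b for a, b in zip(template, server_share))
    return server_share, device_share


def recombine(server_share: bytes, device_share: bytes) -> bytes:
    """Reconstruct the enrolled template from both shares."""
    return bytes(a ^ b for a, b in zip(server_share, device_share))


def hamming_distance(a: bytes, b: bytes) -> int:
    """Bit differences between two equal-length binary templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def authenticate(server_share, device_share, probe, threshold_bits):
    """Recombine, compare, discard: the full template exists only for the
    duration of the match. Returns (accepted, distance)."""
    enrolled = recombine(server_share, device_share)
    dist = hamming_distance(enrolled, probe)
    return dist <= threshold_bits, dist


def flip_bits(template: bytes, positions) -> bytes:
    """Constructed 'noisy' probe: the same template with a few bits flipped,
    standing in for sensor variation between two captures."""
    buf = bytearray(template)
    for pos in positions:
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


# Constructed 256-bit enrolled template and an assumed match threshold.
ENROLLED = bytes(range(32))
THRESHOLD = 25  # accept probes within 25 differing bits (illustrative tuning)

if __name__ == "__main__":
    srv, dev = split_template(ENROLLED)
    ok, d = authenticate(srv, dev, flip_bits(ENROLLED, [3, 77, 200]), THRESHOLD)
    print("genuine probe:", ok, "distance", d)
    ok, d = authenticate(srv, dev, bytes(255 - b for b in ENROLLED), THRESHOLD)
    print("different person:", ok, "distance", d)
```

The point for slide 31 is that the template itself never sits whole in either store: what a server breach yields is the random `server_share`, which is equally consistent with every possible template. Real systems add the PKI and transport protections of slide 33 around the exchange of shares, and their template encodings and thresholds differ from the constructed ones here.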
  • 36. THE PASSWORD IS DEAD • Biometrics are already replacing 2FA • Multifactor authentication, including biometrics, is proving to be highly effective • But will biometrics replace passwords completely?
  • 37. QUESTIONS? www.VeridumID.com info@VeridiumID.com Twitter: @Veridium Request a demo at: www.VeridiumID.com/Contact-Us