Download to read offline
Yubikey- Vincent_generic_authentication.pptx
- 1. © 2021 Yubico Yubico - Globalauthentication leader
- 2. © 2021 Yubico #1 Security problem:Stolen login credentials 2 ● The cost of global cybercrime expected to be $6 trillion in 2021, an increase from $3 trillion 20151 According to Cybersecurity Ventures ● 1 in 3 companies will experience a data breach within two years2 ● 81% of data breaches due to stolen login credentials3 Loss of IP and financial assets Brand damage & loss of customers Decreased stock performance4 Implications of a breach Disruption of operation Sources: 1) Cybersecurity Ventures 2) Cost of a data breach report, IBM, 2019 3) Verizon Data Breach Investigation Report, 2019, 4) Comparitech, 2019
- 3.
- 4. 4 © 2021 Yubico Insert YubiKey Touch/tapdevice 1 2 Easy to Use - Touch to Authenticate Log in takes only a second
- 5. © 2021 Yubico Secure privileged account users(to prevent account breaches) Secure call centers for mobile restricted users (and enable efficient log-in) Protect shared workstation users (and enable efficient log-in, compared to mobile phone Enable remote workforce (and enable secure access from home) Improve UX and security for office workers - Office 365 Protect corporate system access by 3rd parties (protect IP, compliance) Safeguard Yubico customers end customer (secure their accounts) Privileged accounts Mobile restricted Shared workstation Remote workforce Office workers 3rd party user End customers 5 Common situations where YubiKeys improve operations
- 6. FIDO2 FIDO U2FSmart Card (PIV) OATH (TOTP/HOTP) OpenPGP Config Slot 1 and 2 YubiKey Multiple Protocol Support
- 7. © 2021 Yubico 7 Hardware with strong crypto Origin bound keys User presence Manyapps, no shared secret Secure backup Native browser and OS support 7 Yubico’s inventions to protect at scale Lead contributor to FIDO/WebAuthn passwordless standards
- 8. © 2021 Yubico "View the completelist of verified services/apps that work with Yubico products on https://www.yubico.com/works-with-yubikey/catalog/" Computer Login Privileged Access CMS Remote Access & VPN Identity Access Mgmt Developer & Encryption Tools Password Mgmt Online Services Applications supporting YubiKeys
- 9. © 2021 Yubico YubiKey Bio Series •Passwordless MFA – Authenticator + Biometric: The fingerprint enables biometric authentication for greater convenience. • Strong 2FA – Password + (Authenticator + Biometrics): The fingerprint sensor verifies user identity via a fingerprint instead of touch or tap, which verifies user presence
- 10. © 2021 Yubico Quality & compliance 10 FIPS,DFARS, GDPR, PSD2, PIV, OATH, W3C, FIDO Secrets controlled by customers Water-resistant, crush-resistant, no batteries Secure production Robust Compliance
- 11. • Secure • Easy •Affordable
Editor's Notes
- #3 Hva er en yubikey. En fysisk sikkerhetsnøkkel som veldig effektivt forhindrer account takeovers - Som vanligvis skjer ved at brukernavn passord kommer på avveie, -Stjålet/mistet/cracket/fralurt (phising), Svake former for MFA blir hacket Det finnes en YubiKey uansett hva slags mobil / PC eller tablet man bruker, NFC, lightning etc Designet til å henge på nøkkelknippet eller sitte permanent i datamaskinen ( robust, krever ikke batteri og holder i mange, mange år
- #6 Flere protokoller muliggjør bredere støtte Fido2 – videreutvikling av Fido U2F FIDO2 er en åpen standard for autentisering , fra FIDO alliansen.. Regulerer hvordan autentisering via en web browser ved hel av en sikkerhetsnøkkel bruker assymetriske krypteringsnøkler Public + private key(eget nøkkelpar) for hver tjeneste som taes i bruk passwordless microsoft/ samt Webauthn = autentisering direkte i browsere – passwordless sign on til online tjenestene du bruker – Fido u2f – åpen standard for pålogging til online tjenester U2f - brukes ved pålogging til google, facebook, mange flere online tjenester - Smartcard – kan brukes til f eks login på pcer med lokalt AD , vi jobber med flere slike caser.. Et smartere smartkort- Erstatter både smartkort og leser, - signering med sertifikat. OATH – one-time passwords – i stedet for kodebrikker og engangspasord på sms Config slot - for eksempel statisk brukernavn passord Open PGP - kryptering… YubiKeys support multiple modes/protocols all in the same device, thus combining the functions many other devices can only provide individually, solving a wide range of business use cases with a single device OTP application (config slot 1 and 2) - can store 1 credential in each slot, 2 credentials total, for YubiOTP, OATH-HOTP, Static Password, HMAC-SHA1 challenge response…..touch enabled OATH application - can store up to 32 credentials for OATH TOTP, OATH HOTP. In order to manage these credentials and read the OTPs generated by the YubiKey, the Yubico Authenticator software is needed. Communication mechanisms supported include USB-A, USB-C, and/or NFC (YubiKey 5 NFC only) depending on the model chosen. More info: https://support.yubico.com/support/solutions/articles/15000014219-yubikey-5-series-technical-manual
- #7 Yubico created a set of new security capabilities that stop phishing and man-in-the-middle attacks. Our inventions are also the foundation of the new FIDO/WebAuthn standard. Hardware with strong crypto Any software downloaded on a computer or phone is vulnerable for malware and hackers, and besides smart cards most authentication schemes rely on centralized servers with stored credentials that can be breached. With the YubiKey, security is significantly enhanced by storing encryption secrets on a separate secure chip, with no connection to the internet, and using strong public key cryptography where only the public key is stored on the server. Origin bound keys Once a user registers a YubiKey to a service it is bound to the original URL and cannot be tricked to login to a fake website, making the YubiKey an effective defense against phishing attacks. User presence Many authentication solutions expose vulnerabilities through remote attacks after the device is authenticated. The touch sensor on the YubiKey verifies that the person logging in is a real live human behind the computer, and not a trojan or remote hacker. Many apps, no shared secrets. And finally the crown jewel of Yubico inventions… A single YubiKey can work with any number of services - Microsoft Azure, a personal Facebook page and a bank account -with no shared secrets between the services, enabling high security and privacy at scale. Secure back-up Security is never stronger than its weakest link. A common attack for many two-factor authentication technologies is to target weak backup and recovery processes. YubiKeys are secure and affordable enough to be used both for primary and backup authentication. To ensure I am never locked out, I keep a YubIKey inside my computer, one in my keychain, and one in my wallet. Native support in all leading platforms and browser Any extra client software that needs to be downloaded on a phone or computer, not only adds complexity for users, but also increases the risk of being compromised. To offer integrity from end to end, and make the YubiKey work-out-of-the-box, we worked in collaboration with Internet leaders.
- #9 fingeravtrykksleser Verifiserer ikke bare at det er en fysisk person til stede – men også at det er riktig person, ( i likhet med en PIN kode) USB A, USB C Støtter kun FIDO2/U2f – likt Security key
- #12 En fysisk sikkerhetsnøkkel som stopper 100% av alle phishing- og man in the middle angrep Finnes en YubiKey uansett hva slags mobil / PC eller tablet man bruker, NFC, lightning etc Designet til å henge på nøkkelknippet eller sitte i datamaskinen Utrolig robust, krever ikke batteri og holder i mange, mange år