Authentifusion: Clarifying the Future of Customer Authentication

EUROPEAN USER SUMMIT

Upload: michael-thelander

Post on 24-Jan-2017


Category: Software



TRANSCRIPT

Page 1: Authentifusion: Clarifying the Future of Customer Authentication

EUROPEAN USER SUMMIT

Page 2: Authentifusion: Clarifying the Future of Customer Authentication

AUTHENTIFUSION

CLARIFYING THE FUTURE OF USER AUTHENTICATION

Michael Thelander - Product Marketing Manager, Authentication

Page 3: Authentifusion: Clarifying the Future of Customer Authentication


MY GROUP OR TEAM REPORTS TO:

Page 4: Authentifusion: Clarifying the Future of Customer Authentication


Understand Advanced Authentication as a multilayered approach

Understand the critical relationship between Advanced Authentication and Risk

Understand the role of device recognition in a “passwordless” future

Provide a three-step plan to evaluate device-based authentication for your customers

Page 5: Authentifusion: Clarifying the Future of Customer Authentication


Page 6: Authentifusion: Clarifying the Future of Customer Authentication


Page 7: Authentifusion: Clarifying the Future of Customer Authentication

PASSWORDS HAVE BEEN WITH US A LONG TIME

PASSWORDS IN ROMAN GARRISONS

Page 8: Authentifusion: Clarifying the Future of Customer Authentication

PASSWORDS HAVE BEEN WITH US A LONG TIME

PASSWORDS IN HAMLET

Page 9: Authentifusion: Clarifying the Future of Customer Authentication

PASSWORDS HAVE BEEN WITH US A LONG TIME

PASSWORDS IN D-DAY, 1944

Page 10: Authentifusion: Clarifying the Future of Customer Authentication

The credential market is huge

2014: 675 MILLION RECORDS EXPOSED

TARGET 70M

SONY 10M

ADOBE 152M

HOME DEPOT 56M

EBAY 145M

Page 11: Authentifusion: Clarifying the Future of Customer Authentication

2015 adds to 2014’s record

2015: 169 MILLION MORE RECORDS EXPOSED

OPM 22M

ANTHEM 80M

Experian/T-Mobile 15M

PREMERA 11M

PATREON Unknown (15GB of passwords)

IDENTITY THEFT RESOURCE CENTER

Page 12: Authentifusion: Clarifying the Future of Customer Authentication

2015 adds to the record exposures from 2014

NOW 1.2 BILLION CREDENTIALS AVAILABLE ON BLACK MARKET FROM ONE SELLER*

*An active FBI investigation as reported by SC Magazine, November 2015

Page 13: Authentifusion: Clarifying the Future of Customer Authentication

PASSWORDS ARE INCREASINGLY UNRELIABLE

Consumers have an average of 24 online accounts.

Protected by only 6 passwords.

21GRBlue14

21GRGreen14

21BlackGR14

14PurpleGR21

Page 14: Authentifusion: Clarifying the Future of Customer Authentication

“In an era in which passwords are generally considered inadequate, at best, it’s easy to understand why many organizations are turning to advanced authentication”

- PwC’s Global State of Information Security 2016

Page 15: Authentifusion: Clarifying the Future of Customer Authentication

“ADVANCED” ACCORDING TO PWC

USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION

1. DEVICES & HARDWARE

PC fingerprint based on JS

Phones & devices with SDK

Bluetooth & NFC

Consumer IoT

Contextual data (geo, IP, etc.)

Page 16: Authentifusion: Clarifying the Future of Customer Authentication

“ADVANCED” ACCORDING TO PWC

USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION

1. DEVICES & HARDWARE

2. ONE-TIME PASSWORDS

Valid for a session

SMS Text

Push

Mobile token

Mobile “in-app”

Proprietary token

Smart cards

Page 17: Authentifusion: Clarifying the Future of Customer Authentication

“ADVANCED” ACCORDING TO PWC

USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION

1. DEVICES & HARDWARE

2. ONE-TIME PASSWORDS

3. BIOMETRIC/BEHAVIOR

Fingerprint scans

Retinal, facial scans

Voice analysis

Brain/heart signals

Behavior patterns

Page 18: Authentifusion: Clarifying the Future of Customer Authentication

“ADVANCED” ACCORDING TO PWC

USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION

1. DEVICES & HARDWARE

2. ONE-TIME PASSWORDS

3. BIOMETRIC/BEHAVIOR

4. KNOWLEDGE

Secret questions

Captcha

Passwords

Pattern Matching

Local knowledge

Web pictographic

Page 19: Authentifusion: Clarifying the Future of Customer Authentication

“ADVANCED” ACCORDING TO PWC

USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION

1. DEVICES & HARDWARE

2. ONE-TIME PASSWORDS

3. BIOMETRIC/BEHAVIOR

4. KNOWLEDGE

RISK-AWARE

Context

User’s goal & request

Data sensitivity

Geo location

IP Address (real and implied)

Device reputation

Privileged access

Vector (TOR browsers, anonymizers)

Page 20: Authentifusion: Clarifying the Future of Customer Authentication

“ADVANCED” ACCORDING TO PWC

USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION

1. DEVICES & HARDWARE

RISK-AWARE

Context

User’s goal & request

Data sensitivity

Geo location

IP Address (real and implied)

Device reputation

Privileged access

Vector (TOR browsers, anonymizers)

Page 21: Authentifusion: Clarifying the Future of Customer Authentication

“Consumers will adopt solutions that ease the burden of remembering passwords or carrying tokens. Authentication must be frictionless and easy to use.”

Suzanne Hall, Managing Director, from PwC’s Global State of Information Security 2016

Page 22: Authentifusion: Clarifying the Future of Customer Authentication

THE ROAD TO PASSWORDLESS

1. IMPROVEMENT: Use device recognition to augment passwords and reduce friction

2. AVOIDANCE: Limit the use of passwords to high-risk transactions and requests only

3. REPLACEMENT: Device-based authentication with context-aware risk assessment becomes the norm

Page 23: Authentifusion: Clarifying the Future of Customer Authentication

ADVANCED AUTHENTICATION REQUIRES 2 FACTORS

WHY “DEVICE ID” IS THE FOUNDATION OF A PASSWORDLESS FUTURE

Something you KNOW

Something you HAVE

Something you ARE

Page 24: Authentifusion: Clarifying the Future of Customer Authentication

ADVANCED AUTHENTICATION INCLUDES RISK CONTEXT

WHERE DO WE EXPERIENCE THE GREATEST RISK?

WEBSITE

Page 25: Authentifusion: Clarifying the Future of Customer Authentication

RISK IN CONTEXT

WITH DIFFERENT AUTHENTICATION METHODS

Page 26: Authentifusion: Clarifying the Future of Customer Authentication

DEVICE AUTHENTICATION WORKFLOW

DEVICE ID

GEO LOCATION

DEVICE INTEGRITY

ADDITIONAL DEVICE CONTEXT

ASSOCIATIONS & REPUTATION

USER ACCESS

Page 27: Authentifusion: Clarifying the Future of Customer Authentication

DEVICE AUTHENTICATION WORKFLOW

DEVICE ID

GEO LOCATION

DEVICE INTEGRITY

ADDITIONAL DEVICE CONTEXT

ASSOCIATIONS & REPUTATION

USER ACCESS

+10 SCORE

LOW RISK = Frictionless Consumer Experience

SHOPPING, RESOURCES, NEWS

Page 28: Authentifusion: Clarifying the Future of Customer Authentication

DEVICE AUTHENTICATION WORKFLOW

DEVICE ID

GEO LOCATION

DEVICE INTEGRITY

ADDITIONAL DEVICE CONTEXT

ASSOCIATIONS & REPUTATION

USER ACCESS

0 SCORE

MEDIUM RISK = Moderate Friction

USERNAME & PASSWORD

Page 29: Authentifusion: Clarifying the Future of Customer Authentication

DEVICE AUTHENTICATION WORKFLOW

DEVICE ID

GEO LOCATION

DEVICE INTEGRITY

ADDITIONAL DEVICE CONTEXT

ASSOCIATIONS & REPUTATION

USER ACCESS

-10 SCORE

HIGH RISK = Step-Up Authentication

FRAUD TEAM

Page 30: Authentifusion: Clarifying the Future of Customer Authentication

DEVICE AUTHENTICATION WORKFLOW

DEVICE ID

GEO LOCATION

DEVICE INTEGRITY

ADDITIONAL DEVICE CONTEXT

ASSOCIATIONS & REPUTATION

USER ACCESS

+10 SCORE: LOW RISK = Frictionless Consumer Experience

0 SCORE: MEDIUM RISK = Moderate Friction

-10 SCORE: HIGH RISK = Step-Up Authentication

CREDENTIAL INPUT

SHOPPING, RESOURCES, NEWS

USERNAME & PASSWORD

Page 31: Authentifusion: Clarifying the Future of Customer Authentication

DEVICE CHANGE TOLERANCE

WHAT ABOUT NATURAL DAY-TO-DAY CHANGES?

FONTS, BROWSER, LOCATION

EXPECTED

NOT EXPECTED

UPDATED BROWSER

-12 BROWSER REGRESSION

+1 LIMITED TRAVEL

MULTIPLE TIME ZONES IN 1 HOUR

Page 32: Authentifusion: Clarifying the Future of Customer Authentication

ELASTIC DEVICE MATCHING

MINIMUM THRESHOLD

MAXIMUM THRESHOLD

PRECISE MATCH

Device Type: MACBOOK PRO

Operating System: OS X Yosemite

IP Address: 22.231.113.64

Browser: Safari 8.0.2

Language: English

Screen Resolution: 2880 x 1800

FUZZY MATCH

Device Type: MACBOOK PRO

Operating System: OS X Yosemite or later

IP Address: Similar Location

Browser: Safari 8.0.2 or later

Language: English

Screen Resolution: 2880 x 1800

Page 33: Authentifusion: Clarifying the Future of Customer Authentication

HISTORICAL REPUTATION

SECURITY RISK INDICATORS

LINKS AND ASSOCIATIONS

ANOMALOUS BEHAVIOR

AUTHORIZED FOR ACCOUNT

Page 34: Authentifusion: Clarifying the Future of Customer Authentication


Page 35: Authentifusion: Clarifying the Future of Customer Authentication

HISTORICAL REPUTATION

SECURITY RISK INDICATORS

LINKS AND ASSOCIATIONS

ANOMALOUS BEHAVIOR

AUTHORIZED FOR ACCOUNT

Page 36: Authentifusion: Clarifying the Future of Customer Authentication


Page 37: Authentifusion: Clarifying the Future of Customer Authentication

THREE-STEP PLAN

EVALUATE IOVATION’S CUSTOMER AUTHENTICATION FOR YOUR SITES

1. For brand managers, product owners, or web experience managers, understand where the greatest risk is in your site

2. Understand what benefits would be realized if your customers experienced less friction

3. Assess the impact of a device-based alternative to your current methods of authentication

Page 38: Authentifusion: Clarifying the Future of Customer Authentication

iovation’s Customer Authentication service wins “Best Multi-factor Authentication Solution” in Cyber Defense Magazine’s 2016 Editor’s Choice Awards

Page 39: Authentifusion: Clarifying the Future of Customer Authentication

CONTACT US

MICHAEL THELANDER, Product Marketing Manager, Authentication

[email protected]

+1 503-224-6010

www.iovation.com

twitter.com/iovation