EUROPEAN USER SUMMIT
AUTHENTIFUSION
Michael Thelander - Product Marketing Manager, Authentication
CLARIFYING THE FUTURE OF USER AUTHENTICATION
MY GROUP OR TEAM REPORTS TO:
Understand Advanced Authentication as a multilayered approach
Understand the critical relationship between Advanced Authentication and Risk
Understand the role of device recognition in a “passwordless” future
Provide a three-step plan to evaluate device-based authentication for your customers
PASSWORDS HAVE BEEN WITH US A LONG TIME
PASSWORDS IN ROMAN GARRISONS
PASSWORDS IN HAMLET
PASSWORDS IN D-DAY, 1944
The credential market is huge
TARGET 70M
SONY 10M
ADOBE 152M
HOME DEPOT 56M
EBAY 145M
2014: 675 MILLION RECORDS EXPOSED
2015 adds to 2014’s record
OPM 22M
ANTHEM 80M
Experian/T-Mobile 15M
PREMERA 11M
PATREON Unknown (15GB of passwords)
2015: 169 MILLION MORE RECORDS EXPOSED
IDENTITY THEFT RESOURCE CENTER
2015 adds to the record exposures from 2014
NOW 1.2 BILLION CREDENTIALS AVAILABLE ON BLACK MARKET FROM ONE SELLER *
* An active FBI investigation as reported by SC Magazine, November 2015
PASSWORDS ARE INCREASINGLY UNRELIABLE
Consumers have an average of 24 online accounts.
Protected by only 6 passwords.
21GRBlue14
21GRGreen14
21BlackGR14
14PurpleGR21
“In an era in which passwords are generally considered inadequate, at best, it’s easy to understand why many
organizations are turning to advanced authentication”
-PwC’s Global State of Information Security 2016
“ADVANCED” ACCORDING TO PWC
USE ANY OF FOUR METHODS … WITH ONE IMPORTANT ADDITION
1. DEVICES & HARDWARE: PC fingerprint based on JS; Phones & devices with SDK; Bluetooth & NFC; Consumer IoT; Contextual data (geo, IP, etc.)
2. ONE-TIME PASSWORDS: Valid for a session; SMS Text; Push; Mobile token; Mobile “in-app”; Proprietary token; Smart cards
3. BIOMETRIC/BEHAVIOR: Fingerprint scans; Retinal, facial scans; Voice analysis; Brain/heart signals; Behavior patterns
4. KNOWLEDGE: Secret questions; Captcha; Passwords; Pattern Matching; Local knowledge; Web pictographic
RISK-AWARE: Context; User’s goal & request; Data sensitivity; Geo location; IP Address (real and implied); Device reputation; Privileged access; Vector (TOR browsers, anonymizers)
“Consumers will adopt solutions that ease the burden of remembering passwords or carrying tokens.
Authentication must be frictionless and easy to use.”
Suzanne Hall, Managing Director, from PwC’s Global State of Information Security 2016
THE ROAD TO PASSWORDLESS
1. IMPROVEMENT: Use device recognition to augment passwords and reduce friction
2. AVOIDANCE: Limit the use of passwords to high-risk transactions and requests only
3. REPLACEMENT: Device-based authentication with context-aware risk assessment becomes the norm
ADVANCED AUTHENTICATION REQUIRES 2 FACTORS
WHY “DEVICE ID” IS THE FOUNDATION OF A PASSWORDLESS FUTURE
Something you KNOW
Something you HAVE
Something you ARE
ADVANCED AUTHENTICATION INCLUDES RISK CONTEXT
WHERE DO WE EXPERIENCE THE GREATEST RISK?
WEBSITE
RISK IN CONTEXT
WITH DIFFERENT AUTHENTICATION METHODS
DEVICE AUTHENTICATION WORKFLOW
DEVICE ID
GEO LOCATION
DEVICE INTEGRITY
ADDITIONAL DEVICE CONTEXT
ASSOCIATIONS & REPUTATION
USER ACCESS
+10 SCORE: LOW RISK = Frictionless Consumer Experience (SHOPPING, RESOURCES, NEWS)
0 SCORE: MEDIUM RISK = Moderate Friction (USERNAME & PASSWORD)
-10 SCORE: HIGH RISK = Step-Up Authentication (FRAUD TEAM)
CREDENTIAL INPUT
DEVICE CHANGE TOLERANCE
WHAT ABOUT NATURAL DAY-TO-DAY CHANGES?
FONTS, BROWSER, LOCATION
EXPECTED: UPDATED BROWSER; LIMITED TRAVEL (+1)
NOT EXPECTED: BROWSER REGRESSION (-12); MULTIPLE TIME ZONES IN 1 HOUR
ELASTIC DEVICE MATCHING
MINIMUM THRESHOLD
MAXIMUM THRESHOLD

                    PRECISE MATCH      FUZZY MATCH
Device Type         MACBOOK PRO        MACBOOK PRO
Operating System    OS X Yosemite      OS X Yosemite or later
IP Address          22.231.113.64      Similar Location
Browser             Safari 8.0.2       Safari 8.0.2 or later
Language            English            English
Screen Resolution   2880 x 1800        2880 x 1800
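Added illustration, not iovation's implementation: one way the fuzzy-match rules above could feed the +10 / 0 / -10 workflow. The -12 browser-regression figure comes from the change-tolerance slide; the other weights, the tier cutoffs, the Device fields and the region values are assumptions made for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    device_type: str
    os_version: tuple        # (10, 10) = OS X Yosemite
    browser: str
    browser_version: tuple   # (8, 0, 2) = Safari 8.0.2
    language: str
    resolution: tuple
    region: str              # coarse location from an upstream IP lookup (assumed)

# Constructed enrollment record mirroring the slide's MacBook Pro example.
ENROLLED = Device("MACBOOK PRO", (10, 10), "Safari", (8, 0, 2),
                  "English", (2880, 1800), "US-OR")

BROWSER_REGRESSION = -12   # figure shown on the change-tolerance slide
OS_REGRESSION = -12        # assumption: treated like a browser regression
NEW_LOCATION = -10         # assumption: no value is given on the slides

def risk_score(enrolled: Device, seen: Device) -> int:
    """Fuzzy-match `seen` against `enrolled` and return a risk score."""
    stable = ("device_type", "browser", "language", "resolution")
    # Attributes that should not drift: a mismatch means an unrecognized device.
    recognized = all(getattr(enrolled, a) == getattr(seen, a) for a in stable)
    score = 10 if recognized else 0
    # "or later": upgrades are expected day-to-day change, downgrades are not.
    if seen.browser_version < enrolled.browser_version:
        score += BROWSER_REGRESSION
    if seen.os_version < enrolled.os_version:
        score += OS_REGRESSION
    # "Similar Location" replaces an exact IP comparison.
    if seen.region != enrolled.region:
        score += NEW_LOCATION
    return score

def required_auth(score: int) -> str:
    """Map a score to friction; cutoffs are assumptions around +10 / 0 / -10."""
    if score >= 10:
        return "frictionless"
    if score >= 0:
        return "username_password"
    return "step_up"
```

An exact-match fingerprint would push the upgraded-browser case into the password tier; the elastic rules keep it frictionless while a downgrade on the same device still triggers step-up.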
HISTORICAL REPUTATION
SECURITY RISK INDICATORS
LINKS AND ASSOCIATIONS
ANOMALOUS BEHAVIOR
AUTHORIZED FOR ACCOUNT
THREE-STEP PLAN
EVALUATE IOVATION’S CUSTOMER AUTHENTICATION FOR YOUR SITES
1. For brand managers, product owners, or web experience managers, understand where the greatest risk is on your site
2. Understand what benefits would be realized if your customers experienced less friction
3. Assess the impact of a device-based alternative to your current methods of authentication
iovation’s Customer Authentication service
wins “Best Multi-factor Authentication Solution”
in Cyber Defense Magazine’s 2016 Editor’s Choice Awards
CONTACT US
www.iovation.com
twitter.com/iovation
MICHAEL THELANDER
Product Marketing Manager, Authentication
[email protected]
+1 503-224-6010