how to make mobile apps secure - mobile login multifactor authentication

Upload: ccs-global-tech

Post on 14-Jan-2015

DESCRIPTION

Read more about Mobile Multifactor Authentication, User Login Security Website and Mobile security - Shared by Helm360.

TRANSCRIPT

Page 1: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Mobile Multifactor Authentication

User Login Security

How To Make Mobile Apps Secure

Company Confidential Information

Page 2: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Poor Authentication on the Web

• Passwords are poor security:

• People have too many to remember, choose weak passwords, use the same password on multiple sites

• Vulnerable to key loggers, brute force attacks, dictionary attacks, etc.

Website and mobile security are the most vulnerable areas of IT security

• 96% of all breached records were accessed from outside, often by using stolen login credentials or key loggers that capture passwords

• Challenge Questions are poor security

• Tokens, Smart Cards, Biometrics are expensive, not practical for public-facing websites

• Login credentials leaked from one site are used to access other sites

Page 3: How To Make Mobile Apps Secure - Mobile login multifactor authentication

How to Balance Security & Usability

The need for strong security that is easy-to-use

• Businesses sacrifice security in an effort to create a “frictionless” experience for online customers.

• This leads to online fraud and identity theft ($221 Billion in fraud last year alone!), data breaches and other security compromises.

• Businesses struggle to enforce strong authentication without burdening customers.

These issues are compounding as people do more online interactions using mobile devices.

Page 4: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Image-Based Authentication

Image-based authentication that creates a one-time password

1. The first time a user registers with a website or application they select a few categories to remember

2. Each time authentication is needed, they are presented with a grid of random images

3. The user identifies the images that fit their categories and enters the corresponding letters as their one-time password or PIN

Page 5: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Why Images Are Better

Easy to remember

• The human brain is better at remembering categories and images vs. strings of random A/N characters and symbols.

• Independent study showed users were able to remember their image passwords with 100% success after 16 weeks. Only 40% of users remembered their text passwords.

• Create a One-Time Password with every authentication vs. static A/N or site key image

Guided Recall

• When the user sees the Image Grid, the pictures help trigger their memory of which categories they chose.

Device independent UI

• Deploy on multiple devices: PC, tablets, and Smart phones

• Very easy to use – click/tap

Page 6: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Simple and Secure

Image based Multifactor Authentication

Page 7: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Setup: User Selects 3 Categories Images = Multifactor Authentication

Page 8: How To Make Mobile Apps Secure - Mobile login multifactor authentication

After Account is Setup: During User Login

Categories and Associated Images are displayed for selection

Page 9: How To Make Mobile Apps Secure - Mobile login multifactor authentication

User Selects Correct Images and Access to Application is Granted

Secure User Access to Data

Business Uses

• Logins

- Replace passwords

- Strengthen weak passwords

• Password reset

• Anti-Phishing

• Replace challenge questions

Page 10: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Two Factor, Mobile Authentication

• Most solutions send a one-time password as a text message.

- If the phone is lost or stolen, any person can read the text and authenticate a fraudulent transaction.

• Multifactor Authentication is more secure because it requires the user to authenticate on the phone by identifying their secret categories.

• This is an additional security and process layer that ensures user authentication and access to applications and data.

Page 11: How To Make Mobile Apps Secure - Mobile login multifactor authentication

KillSwitch Capability

• In addition to choosing their secret categories for authentication, the user may choose one or more “No Pass” categories

• Sends automatic alerts or locks the account if someone attempts to break in and taps one of the “Kill Switch” categories

• An offensive technique that stops brute force attacks and can identify IP addresses that are attempting brute force attacks and hacking

Page 12: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Expanding the use of the Image Grid – Cross Messaging

EXAMPLES

The pictures above represent examples of potential cross messaging. Wells Fargo has not yet implemented this solution. Logos, messages and images are flexible and can be customer defined.

Page 13: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Image Based Security Statistics

Highlighted Example:

- For a 4x4 grid requiring 3 images the probability of breaking or guessing is 1:3,360, which provides a security level of 99.97023810%.
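The login flow, KillSwitch check and the 1:3,360 figure above can be modelled as a short added example (not code from the deck or from Helm360). It assumes one image per category in each grid, a code entered in enrolment order, and that the figure counts ordered picks of 3 distinct cells from 16 (16 × 15 × 14); the category names and function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed catalogue (assumption): 16 categories, one image per category per grid.
CATEGORIES = ["cars", "dogs", "flowers", "boats", "birds", "food", "clocks", "trees",
              "shoes", "planes", "fish", "bridges", "hats", "horses", "keys", "trains"]

def guess_odds(cells=16, picks=3):
    """Ordered ways to pick `picks` distinct cells; a blind guess wins 1 in this many."""
    return math.perm(cells, picks)

def security_level(cells=16, picks=3):
    """Percentage of blind guesses that fail, the slide's 'security level'."""
    return 100 * (1 - 1 / guess_odds(cells, picks))

def new_challenge(rng=None):
    """Return {letter: category} for a fresh 4x4 grid: random placement, random letters."""
    rng = rng or secrets.SystemRandom()
    letters = rng.sample(string.ascii_uppercase, len(CATEGORIES))
    cats = CATEGORIES[:]
    rng.shuffle(cats)
    return dict(zip(letters, cats))

def expected_code(grid, secret):
    """One-time code: letters of the cells showing the user's categories, in enrolment order."""
    by_cat = {cat: letter for letter, cat in grid.items()}
    return "".join(by_cat[c] for c in secret)

def verify(grid, secret, no_pass, submitted):
    """Return 'locked' if a No Pass category was tapped, else 'granted' or 'denied'."""
    code = submitted.strip().upper()
    if any(grid.get(ch) in no_pass for ch in code):
        return "locked"  # kill switch: caller alerts on / locks the account
    match = secrets.compare_digest(code.encode(), expected_code(grid, secret).encode())
    return "granted" if match else "denied"

if __name__ == "__main__":
    secret, no_pass = ["dogs", "boats", "keys"], {"hats"}  # constructed enrolment
    grid = new_challenge()
    code = expected_code(grid, secret)
    print(code, verify(grid, secret, no_pass, code))
    print(f"1:{guess_odds():,} -> {security_level():.8f}%")
```

The grid returned by `new_challenge` has to be held server-side for the session and discarded after a single `verify` call; otherwise the code is not one-time.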

Security Level 1: Safety Probability

Page 14: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Thank You

How To Make Mobile Apps Secure

Multifactor Image-Based Authentication adds to the security of your website and mobile application

Page 15: How To Make Mobile Apps Secure - Mobile login multifactor authentication

Contact Information

Lee Mercado

Director, Technology Sales / HELM360

Phone: (858) 208-4140 | Cell: (603) 418-4584

13475 Danielson St, Suite 220 | Poway CA

[email protected] | www.helm360.com