Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication

Post on 29-Nov-2014

description

From Voice Biometrics Conference San Francisco (May 8-9, 2013), Michael Barrett, Chief Information Security Officer, PayPal -- With the explosive growth of electronic commerce and mobile banking, the need for strong authentication is growing. PayPal is helping spearhead the FIDO Alliance, which introduces a viable alternative to passwords with a standards-based approach to authentication that raises security and ensures privacy, while simplifying authentication. FIDO unleashes vast potential for both existing and many new markets. The question is: "How big is the market opportunity for voice and all biometrics in a FIDO enabled world?"

Transcript of Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication

PayPal TM

Michael Barrett, CISM, CISSP Chief Information Security Officer

Voice Biometrics Conference May 8, 2013

Opportunity for Better Authentication is Upon Us

Passwords Just Do Not Work…

For Users: Painful to Use

•  25 Accounts

•  8 Logins / Day

•  6.5 Passwords

For Organizations: Difficult to Secure

•  $5.5M / Data Breach

•  $15M / PWD Reset

•  $60+ / Token

For the Ecosystem: Impossible to Scale

•  Fragmented

•  Inflexible

•  Slow to Adopt

Common experiences related to authentication failure (respondents who say it happened to them one or more times over the past 2 years)

Users are frustrated - password complexity requirements working against them instead of supporting them

Experiences with Identity and Authentication

[Figure: quadrant chart with axes Security (Low to High) and Usability (Low to High); quadrant labels: JUST EASY, SECURE & EASY, JUST BAD, UNPLEASANT]

Security is not a Continuum…

Do You Really Want Your Refrigerator to Know Your PayPal Password?

Newer Technologies Exist

[Chart: Authentication Vendors by year, 2006 to 2012 (vertical axis 0 to 120); annotation: Increasing Options]

Authentication Standards Combined with Advances in Biometrics Provide a New Path Forward

How FIDO Works

[Diagram: numbered steps 1 to 6 connecting the following components: FIDO Authenticators, Website, Browser, FIDO Plugin, Device Specific Module, Validation Cache, FIDO Repository, Vendor Tokens; arrows labelled "secret", "secrets" and "refresh"]

•  User picks their own token type

•  User decides when/if to bind their token to their account

•  Existing tokens (like finger) can be used by downloading the FIDO plugin

•  User can download the plugin from various sites

•  User could have a PIN-protected USB drive to use while travelling

The FIDO “User” Experience

Please say your passphrase to log into your account

Speak

Voice Experience

Finger Experience

USB Experience

•  The Internet needs better authentication, now

•  Stronger authentication is not “better authentication”

•  An industry standards based approach is the only viable way forward

•  “Whether you believe you can do a thing, or not, you are right” (Henry Ford)

Michael Barrett, CISM, CISSP Chief Information Security Officer

mbarrett@paypal.com

PayPal TM

Thank You for Your Time!