Beyond passwords: time for a change
Page 1
Beyond password:
Time for a change
Olivier Potonniée
October 2013
Page 2
How can web applications authenticate their online users?
Beyond password: Time for a change 2
Page 3
Often…
Page 4
Passwords?
RockYou social network, Dec 2009: 30,000,000 passwords
[Chart: password frequency figures shown on the slide: 10,000 (0.03%); 24%; 40% uniques; 1,000; 12%; 100: 5%; 290,729 (1%)]
Page 5
Attacks
Compromised passwords in 2013:
Living Social: 50 million
EverNote: 50 million
Drupal: 1 million
Twitter: 250,000
…
[Chart: Social, 75% (BitDefender)]
Page 6
Strong Authentication
At least 2 of:
Something you know (password, PIN, etc.)
Something you have (card, mobile, etc.)
Something you are (biometrics)
Independent, protected
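As an added illustration of the "at least 2 of" rule on this slide (example code, not from the presentation), the check below combines a knowledge factor and a possession factor and only succeeds when both pass independently. The function names, the simulated device, the PBKDF2 work factor and the sample data are all assumptions made for this example.

```python
"""Added example, not from the slides: a minimal check of two independent
factors. "Something you know" is a password verified against a salted PBKDF2
hash; "something you have" is a device (card or phone) holding a secret key
that answers a fresh random challenge with an HMAC, so possession is proven
without the key leaving the device. Names and sample data are constructed."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: a current work factor for PBKDF2-SHA256


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, derived_key); a random salt is drawn per user."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, dk


class Device:
    """Simulated possession factor: the key never leaves this object."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def answer(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def register_user(password: str, device_key: bytes) -> dict:
    """Server-side record: password hash plus the enrolled device key."""
    salt, dk = hash_password(password)
    return {"salt": salt, "pw_hash": dk, "device_key": device_key}


def new_challenge() -> bytes:
    """Fresh per-login challenge, so a captured answer cannot be replayed."""
    return os.urandom(32)


def verify_knowledge(record: dict, password: str) -> bool:
    _, dk = hash_password(password, record["salt"])
    return hmac.compare_digest(dk, record["pw_hash"])


def verify_possession(record: dict, challenge: bytes, answer: bytes) -> bool:
    expected = hmac.new(record["device_key"], challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, answer)


def authenticate(record: dict, password: str, challenge: bytes, answer: bytes) -> bool:
    """Both factors must pass. Both are always evaluated so the response
    time does not reveal which one failed."""
    know = verify_knowledge(record, password)
    have = verify_possession(record, challenge, answer)
    return know and have


if __name__ == "__main__":
    key = os.urandom(32)
    record = register_user("correct horse battery staple", key)
    phone = Device(key)
    chal = new_challenge()
    print("both factors :", authenticate(record, "correct horse battery staple", chal, phone.answer(chal)))
    print("password only:", authenticate(record, "correct horse battery staple", chal, b"\x00" * 32))
```

The point of the challenge-response half is the "protected" requirement of the slide: the server stores the device key but the login never transports it, and a new random challenge per attempt means an intercepted answer is worthless later. A leaked password on its own still fails the check.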
Page 7
Protiva Cloud Confirm
Page 8
Page 9
I have an issue with smart cards
Page 10
Page 11
Need to define YOUR solution
Secure, Cheap, Convenient
Page 12
Social Login
Identity reuse
Simpler for users (no new identifier to remember)
Single-Sign-On (SSO)
Relieves the application of the authentication task
Privacy risks
Traceability
Disclosure of personal data
Page 13
Authentication delegation
Page 14
Delegation protocols
SAML
OAuth
Page 16
OpenID
Authentication
Diagram (after Nat Sakimura): Alice, Identity Provider
"Who are you?" / "Give him a certificate"
Page 17
Authentication via email
Diagram: Alice, Verifier, Identity Provider
"Who are you?" / "Here's my email, give him a certificate" / "Does this email belong to her?"
Page 18
Assertions
SAML
Diagram: Alice, SAML Identity Provider
"Who are you?" / "Give him a certificate"
Page 19
Authorization to access personal data
OAuth
Page 20
Authorization: OAuth
Diagram: Alice, OAuth Server
"Who are you?" / "Give him an access key"
Page 21
Authorization to access identity
Diagram: Alice, OpenID Connect Server
"Who are you?" / "Give him an access key"
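The diagrams on pages 16 to 21 all have the same shape: the application asks "who are you?", the user authenticates at an identity provider, and the provider hands the application a signed statement ("certificate" or "access key") about the user. The added example below (written for this page, not taken from the slides or from any SAML, OpenID Connect or OAuth library) plays both sides of that exchange in code, including the checks a relying party must make before trusting the statement, and releases only the attributes the application asked for, as the closing message on page 23 recommends. The token format, the shared HMAC key, the simplified password check at the provider and every class and method name are assumptions of this example.

```python
"""Added example, not from the slides: a delegated-authentication exchange.
The RelyingParty (web application) asks Alice who she is and sends her to the
IdentityProvider with a fresh nonce; the provider authenticates her and mints a
signed assertion bound to that application, nonce and expiry, carrying only
the attributes covered by the requested scopes. Wire format and names are
constructed for illustration, not a real SAML/OIDC/OAuth format."""
import base64
import hashlib
import hmac
import json
import os
import time


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Holds the assertion-signing key and the users it can authenticate."""

    def __init__(self, issuer: str):
        self.issuer = issuer
        self._key = os.urandom(32)      # assumption: HMAC key shared with apps out of band
        self._users = {}                # subject -> (password, attribute profile)
        self.registered_apps = set()    # pre-registered web applications only

    def register_user(self, subject: str, password: str, profile: dict) -> None:
        self._users[subject] = (password, profile)

    def verification_key(self) -> bytes:
        return self._key

    def issue(self, subject, password, audience, nonce, scopes, ttl=300, now=None) -> str:
        """Authenticate the user, then mint an assertion for one audience.
        The provider's own credential check is simplified to a comparison."""
        if audience not in self.registered_apps:
            raise PermissionError("unknown application")
        stored_pw, profile = self._users.get(subject, (None, {}))
        if stored_pw is None or not hmac.compare_digest(stored_pw, password):
            raise PermissionError("authentication failed")
        now = now or int(time.time())
        claims = {"iss": self.issuer, "sub": subject, "aud": audience,
                  "nonce": nonce, "iat": now, "exp": now + ttl, "scope": sorted(scopes)}
        for scope in scopes:            # least privilege: only what was asked for
            if scope in profile:
                claims[scope] = profile[scope]
        body = b64(json.dumps(claims, sort_keys=True).encode())
        sig = b64(hmac.new(self._key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class RelyingParty:
    """The web application that delegates authentication to the provider."""

    def __init__(self, app_id: str, idp: IdentityProvider):
        self.app_id = app_id
        self._issuer = idp.issuer
        self._idp_key = idp.verification_key()
        self._pending = set()           # nonces issued and not yet consumed

    def start_login(self) -> str:
        """'Who are you?': hand the user a fresh nonce to take to the provider."""
        nonce = b64(os.urandom(16))
        self._pending.add(nonce)
        return nonce

    def verify(self, assertion: str, now=None):
        """Check signature, issuer, audience, expiry and single-use nonce.
        Returns the claims on success, None on any failure."""
        try:
            body, sig = assertion.split(".")
        except ValueError:
            return None
        expected = hmac.new(self._idp_key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(sig)):
            return None                 # forged or tampered
        claims = json.loads(unb64(body))
        now = now or int(time.time())
        if claims.get("iss") != self._issuer or claims.get("aud") != self.app_id:
            return None                 # meant for another application
        if claims.get("exp", 0) <= now:
            return None                 # expired
        if claims.get("nonce") not in self._pending:
            return None                 # unknown or already used: replay
        self._pending.discard(claims["nonce"])
        return claims
```

The audience check is what stops an assertion obtained for one application from being presented to another, and the single-use nonce is what stops a captured assertion from being replayed; both checks are the verifier's job, not the provider's. Passing a `scopes` set of just `{"email"}` yields an assertion that names the user and her email and nothing else from her profile.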
Page 22
Define YOUR solution
Confidentiality / Personal data sharing?
Pre-registration of web application?
Dependency on an identity provider?
Authentication methods?
Page 23
THE Message
Passwords are bad
  Strong Authentication
Too many identities is inconvenient
  Reuse identities (emails, social networks…)
Authentication is a sensitive and potentially complex task
  Delegation, SSO
Privacy needs to be protected
  Don’t ask for more data or access rights than needed
Page 24
Thanks