Password Problem - Solved!
-
Upload
intensity-analytics -
Category
Software
-
view
95 -
download
0
description
Transcript of Password Problem - Solved!
Password Problem – SOLVED!
An entirely new approach to security:Know who is there by how they type
A BIG Problem …
Passwords are ineffective
Passwords are valuable targets
Password alternatives are breached
Solutions hacked
Fingerprint biometrics@ geek.com
Mar 2011 – Comodo CertsSep 2011 – DigiNotar Certs
Mar 2011 – RSA SecurID
Social Media Sites hacked
Mar 2013 – 50M Passwords
Jun 2012 – 6.5M accounts
Feb 2013 – 250k passwords
Retailers hacked
Nov-Dec 2013 – 110M accounts
May 2014 – 145M accounts
Jan 2014 – 1.1M accounts
How We Solve It
my usernamemy password
my valuable data
$
Our Solution
A new biometric approach to security…
Recognize users typing characteristics …
• Known text (e.g., passwords)
• Unrestricted text (e.g., e-mail)
• Activities on the desktop (foreground / background)
… without capturing any content
Our products answer …
is it them?
is it still them?
when is it occurring?
what are they doing?
where are they?
combined - context-aware, strongly authenticated computing
what else is going on?
TickStream® Activity TickStream® KeyID
Our Edge
Strong authentication and awareness with …
• Nothing to remember
• No personally identifiable information (PII)
• Nothing to carry around
• Nothing to be shared
• Nothing to maintain
• UNIQUE biometrics – (ours can be changed or withdrawn)
Products
Attributes
securityno
memorynoPII
no equipment
no maintenance
low cost
easy to use
Intensity Analytics Passwords Tokens Fingerprints Facial recognition
Good
Okay
Poor
Comparison
The Factors of Authentication
Security is based on the presentation of evidence of identity when the user attempts to sign in:
Knowledge factor: something you know
Ownership factor: something you have
Inherence factor: something you are
What we add is new:
Behavioral factor: something you doTickStream.KeyID makes it possible for the computer to observehow you behave in a well-defined context – passively through your keyboard as you enter your username and password.
Benefits over existing solutions
• Security– More difficult to impersonate than other biometrics – helps defeat replay attacks– It's not a "copy" that can be duplicated, but rather behavior that has to be performed in real-time– Can discern input from the keyboard vs. malware – helps defeat key-loggers and other types of malware– All data is encrypted - Network traffic via SSL & at-rest data via AES-256
• Privacy– No Personally Identifiable Information (PII) is generated or stored
• Implementation– Transparency - quickly add a biometric factor to existing password-based systems– Flexibility - tune to the appropriate level of security depending on the assets being protected– Application agnostic - no training required to identify specific application details, patterns, etc.– Broad platform support - native Windows applications or any web application regardless of platform– No OEM or open source components – 100% our IP– Enterprise scalability and simple component design
• Usability– Frictionless - people just keep working as usual – minimize negative impact to user experience– Uses ubiquitous hardware – no need for specialized readers or scanners– Improved user experience - reduce password complexity rules and forced password expiration
Use Cases
• Authentication– Web applications– VPN access– Use as multi-factor authentication– Password self-service (without using PII): eliminate password reset calls to help desk
• Constant Validation– Authenticate all transactions within a session– Strong non-repudiation (biometric digital signature – prove the negative)– Detect when unauthorized personnel access an open system
• Fraud Detection and Monitoring– Detect when users change (keyboard & password sharing, license violations)– Identify and differentiate multi-user access to generic and role accounts– Automate detection of breached accounts
• Software License Management– Eliminate shared credentials– Identify unused licenses
The Competition
Fingerprint
Tokens
Cell phones
One-timecodes
Hardware-based
biometricsPasswords
Popular alternatives
Widely used
Unpopular alternatives
Gaining traction
● 3M Cogent, Inc● Aware, Inc● BIO-key International, Inc● Cross Match Technologies, Inc● DigitalPersona, Inc● Fujitsu Ltd● Lumidigm, Inc● M2SYS LLC● NEC Corporation● SAFRAN SA● Siemens AG● Suprema, Inc● ZKTeco, Inc
Biometric vendors abound
3 Reasons To Buy ….
• Costs Less– Than other biometrics and token-based systems: it’s entirely software-based– Training costs are a fraction of other security solutions– Support costs are a fraction of other security solutions– Integration costs are a fraction of other security solutions– Password self-service (without using PII): eliminate password reset calls to help desk
• Enhanced User Experience– No more need to memorize complex passwords– No more need to change passwords every 30 days, 90 days, etc.
• Better Performance– Than other biometrics (proven by published independent 3rd-Party validation)– False Acceptance Rates as good as or better than fingerprint, retinal / iris scans, facial
scans, voice recognition
What other solution combines all three advantages?
Bottom Line
Nobody Likes Passwords
Passwords ARE Dying
We Solve That!
Let’s Get Started!
Kevin SpanbauerVP, Business DevelopmentIntensity Analytics Corporationkspanbauer@intensityanalytics.comwww.intensityanalytics.com(952) 250-0836