Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication

•

1 j'aime•2,566 vues

From Voice Biometrics Conference San Francisco (May 8-9, 2013), Michael Barrett, Chief Information Security Officer, PayPal -- With the explosive growth of electronic commerce and mobile banking, the need for strong authentication is growing. PayPal is helping spearhead the FIDO Alliance, which introduces a viable alternative to passwords with a standards-based approach to authentication that raises security and ensures privacy, while simplifying authentication. FIDO unleashes vast potential for both existing and many new markets. The question is: "How big is the market opportunity for voice and all biometrics in a FIDO enabled world?"

Technologie

PayPal
TM
Michael Barrett, CISM, CISSP
Chief Information Security Officer
Voice
Biometrics
Conference

May
8,
2013

Opportunity for Better Authentication is Upon Us
Passwords Just Do Not Work…
For Users For Organizations
Painful to Use

•  25
Accounts

•  8
Logins
/
Day

•  6.5
Passwords

Difficult to Secure
•  $5.5M / Data Breach
•  $15M / PWD Reset
•  $60+ / Token
For the Ecosystem
Impossible to Scale
•  Fragmented
•  Inflexible
•  Slow to Adopt

Common experiences related to authentication
failure (respondents who say it happened to them
one or more times over the past 2 years)
Users are frustrated -
password complexity
requirements working
against them instead
of supporting them
Experiences with Identity and Authentication

JUST EASY
SECURE & EASY
JUST BAD
HighSecurityLow
UNPLEASANT
Low HighUsability
Security is not a Continuum…

DO YOU REALLY WANT YOUR
REFRIGERATOR TO KNOW YOUR PAYPAL
PASSWORD?
Do You Really Want Your Refrigerator to Know Your
PayPal Password?

0
20
40
60
80
100
120
2006 2007 2008 2009 2010 2011 2012
Authentication Vendors
Increasing Options

Authentication Standards Combined with Advances
in Biometrics Provide a New Path Forward

How FIDO Works
FIDO Authenticators
Website
Browser
FIDO Plugin
Device Specific
Module
6
4
1
2
3 5
Validation
Cache
secret secrets
refresh
Vendor Tokens
FIDO
Repository

•  User picks their own token type
•  User decides when/if to bind their
token to their account
•  Existing tokens (like finger) can be
used by downloading the FIDO
plugin
•  User can download the plugin from
various sites
•  User could have a PIN-protected
USB drive to use while travelling
The FIDO “User” Experience

Please say your passphrase to log into your
account
Speak
Voice Experience

Ø The Internet needs better authentication, now
Ø Stronger authentication is not “better
authentication”
Ø An industry standards based approach is the
only viable way forward
Ø “Whether you believe you can do a thing, or
not, you are right” (Henry Ford)

Michael Barrett, CISM, CISSP
Chief Information Security Officer
mbarrett@paypal.com
PayPal
TM
Thank You for Your Time!

Contenu connexe

Plus de derektop

Your existing voice recording infrastructure and metadata can be used in the battle against fraud and to protect your contact center. NICE Systems will show you how existing call recording, call monitoring and analytic fabrics can be leveraged to build the voice prints that become the foundation for voice-based authentication and fraudster detection, as well as how to operationalize voice biometrics to achieve real business value and a compelling ROI. -- Elad Hoffman, Real Time Authentication Solution Manager, NICE Systems

Operationalizing Voice Biometrics

derektop

From Voice Biometrics Conference San Francisco (May 8-9, 2013): Deep integration of speech processing and voice verification with mobile and consumer electronic devices promise to deliver on the promise of a vision first presented in the Star Trek series of the early ’60s. In the here-and-now of 2013 we can look at the opportunities suggested by a combination of trigger words, voice biometrics and embedded speech processing. -- Todd Mozer, President, CEO & Chairman of Sensory, Inc.

Introduction to Truly Handsfree 3.0

derektop

e-Government Applications for Voice Authentication

derektop

Mobile Voice Authentication

derektop

Future of Mobile Authentication

derektop

The Future of Secure, Mobile Authentication

derektop

From Voice Biometrics Conference San Francisco (May 8-9, 2013): A single factor is seldom enough to establish high confidence levels when identifying a specific individual. Learn how the security services in Ecuador specified and then implemented a system that combines voice biometrics and facial recognition in a unique way to support their law enforcement efforts. -- Alexey Khitrov, Strategic Development Director, Speech Technology Center

The Case for Voice + Face Recognition

derektop

The Power of a Black List, the Promise of a White List

derektop

Case Study: Passive Authentication at Barclays

derektop

Powering Security and Easy Authentication in a Multi-Channel World

derektop

From Voice Biometrics Conference San Francisco (May 8-9, 2013): Voice biometrics is playing an increasing role in consumer-facing smart devices. From using your voice to “wake-up” any device or access home alarm controls, to voice-initiated personalized settings for home entertainment systems, unified communications and video analytics. Steve Jones, Executive Director, Speech FX; Brian Gannon, SVP of Marketing and Business Development, GEO Semiconductor; Julia Webb, VP Sales & Marketing, VoiceVault

Natural Interaction in the Connected Home

derektop

Case Study: Voice Verification by Mobile Operator Avea

derektop

Voice Biometrics: The Big Picture Gets Bigger

derektop

Plus de derektop (13)

Operationalizing Voice Biometrics

Introduction to Truly Handsfree 3.0

e-Government Applications for Voice Authentication

Mobile Voice Authentication

Future of Mobile Authentication

The Future of Secure, Mobile Authentication

The Case for Voice + Face Recognition

The Power of a Black List, the Promise of a White List

Case Study: Passive Authentication at Barclays

Powering Security and Easy Authentication in a Multi-Channel World

Natural Interaction in the Connected Home

Case Study: Voice Verification by Mobile Operator Avea

Voice Biometrics: The Big Picture Gets Bigger

Dernier

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

MINDCTI Revenue Release Quarter One 2024

MIND CTI

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Dernier (20)

Corporate and higher education May webinar.pptx

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Ransomware_Q4_2023. The report. [EN].pdf

FWD Group - Insurer Innovation Award 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Why Teams call analytics are critical to your entire business

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

How to Troubleshoot Apps for the Modern Connected Worker

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

MINDCTI Revenue Release Quarter One 2024

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

AXA XL - Insurer Innovation Award Americas 2024

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Manulife - Insurer Transformation Award 2024

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication

1. PayPal TM Michael Barrett, CISM, CISSP Chief Information Security Officer Voice Biometrics Conference May 8, 2013

2. Opportunity for Better Authentication is Upon Us Passwords Just Do Not Work… For Users For Organizations Painful to Use •  25 Accounts •  8 Logins / Day •  6.5 Passwords Difficult to Secure •  $5.5M / Data Breach •  $15M / PWD Reset •  $60+ / Token For the Ecosystem Impossible to Scale •  Fragmented •  Inflexible •  Slow to Adopt

3. Common experiences related to authentication failure (respondents who say it happened to them one or more times over the past 2 years) Users are frustrated - password complexity requirements working against them instead of supporting them Experiences with Identity and Authentication

4. JUST EASY SECURE & EASY JUST BAD HighSecurityLow UNPLEASANT Low HighUsability Security is not a Continuum…

5. DO YOU REALLY WANT YOUR REFRIGERATOR TO KNOW YOUR PAYPAL PASSWORD? Do You Really Want Your Refrigerator to Know Your PayPal Password?

6. Newer Technologies Exist

7. 0 20 40 60 80 100 120 2006 2007 2008 2009 2010 2011 2012 Authentication Vendors Increasing Options

8. Authentication Standards Combined with Advances in Biometrics Provide a New Path Forward

9. How FIDO Works FIDO Authenticators Website Browser FIDO Plugin Device Specific Module 6 4 1 2 3 5 Validation Cache secret secrets refresh Vendor Tokens FIDO Repository

10. •  User picks their own token type •  User decides when/if to bind their token to their account •  Existing tokens (like finger) can be used by downloading the FIDO plugin •  User can download the plugin from various sites •  User could have a PIN-protected USB drive to use while travelling The FIDO “User” Experience

11. Please say your passphrase to log into your account Speak Voice Experience

12. Finger Experience

13. USB Experience

14. Ø The Internet needs better authentication, now Ø Stronger authentication is not “better authentication” Ø An industry standards based approach is the only viable way forward Ø “Whether you believe you can do a thing, or not, you are right” (Henry Ford)

15. Michael Barrett, CISM, CISSP Chief Information Security Officer mbarrett@paypal.com PayPal TM Thank You for Your Time!

Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication

Recommandé

Recommandé

Contenu connexe

Plus de derektop

Plus de derektop (13)

Dernier

Dernier (20)

Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication