9 Things Everyone Should Know About User Authentication
The Notorious 9
Nine Essential Components of User Authentication
User Authentication (UA) is a field that’s constantly evolving; however, staying current doesn’t have to be a full-time job if you master the basics. Despite the appearance of constant change, there are nine basic principles of UA that remain the same, and knowing them will help you make more informed decisions. To make things even easier, we’ve broken the Notorious Nine into three parts:
1. 3 Types of UA
2. 3 Delivery Methods of UA
3. 3 Ways to Integrate UA
FACTS
1. 600,000 Facebook accounts are hacked every day
2. 75% of Americans have been the victim of online crimes due to their accounts being hacked
3. 90% of businesses have been hacked in the last year
Source: http://www.clubcloudcomputing.com/2013/01/infographic-on-hacking-statistics/
Know Your Type
The 3 Types of UA
Confirming that users really are who they say they are is serious business, especially when the annual cost of identity theft in America is now $10 billion more than all other property crimes combined. The good news is that while there may only be three types of UA, your company can combine their strengths to make the process of identifying, verifying and granting users access to your system as easy as one, two, three.
Source: http://www.businessinsider.com/bureau-of-justice-statistics-identity-theft-report-2013-12
The three types of UA are:
1. What You Know
2. What You Have
3. What You Are
Well, Whadayaknow?
UA Type 1: “What You Know”
“What You Know” is the oldest form of UA and is based on secret information that only the user knows
— and therein lies the issue. Aside from malicious programs that can guess billions of passwords per
second, many users share their passwords and/or post them next to their screens, making this the
weakest of all methods. However, it’s also the oldest and cheapest, which explains why it’s still popular.
Examples of “What You Know” UA
1. Passwords
2. Phrases
3. Security Questions
4. PINs
5. Patterns (i.e. shapes drawn with a finger to access mobile devices)
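The weakness described above has a well-understood server-side counterpart: the secret must be stored so that neither a leaked database nor a program guessing billions of passwords per second gets it back cheaply. The following is an added example, not code from the ebook or from Gemalto; the in-memory store, the PBKDF2 work factor and the lockout threshold of 5 failed attempts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256: every guess, legitimate or not, pays this
# many iterations, which is what shrinks "billions of guesses per second".
PBKDF2_ITERATIONS = 600_000
MAX_FAILED_ATTEMPTS = 5  # illustrative lockout threshold (an assumption)


class PasswordStore:
    """Keeps salted, stretched password hashes; never the passwords themselves."""

    def __init__(self, iterations: int = PBKDF2_ITERATIONS) -> None:
        self._iterations = iterations
        self._records = {}  # username -> {"salt", "hash", "failed"}

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self._iterations
        )

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user random salt: equal passwords hash differently
        self._records[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failed": 0,
        }

    def verify(self, username: str, password: str) -> bool:
        rec = self._records.get(username)
        if rec is None:
            # Spend the same CPU as a real check so response time does not
            # reveal whether the username exists.
            self._derive(password, b"\x00" * 16)
            return False
        if rec["failed"] >= MAX_FAILED_ATTEMPTS:
            return False  # locked: even the right password is refused now
        candidate = self._derive(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):  # constant-time compare
            rec["failed"] = 0
            return True
        rec["failed"] += 1
        return False

    def is_locked(self, username: str) -> bool:
        rec = self._records.get(username)
        return rec is not None and rec["failed"] >= MAX_FAILED_ATTEMPTS


def demo() -> dict:
    """Walks through enrolment, correct and incorrect logins, and the lockout."""
    store = PasswordStore(iterations=10_000)  # lowered only to keep the demo quick
    store.enroll("alice", "correct horse battery staple")
    results = {
        "right": store.verify("alice", "correct horse battery staple"),
        "wrong": store.verify("alice", "Correct horse battery staple"),
        "unknown_user": store.verify("mallory", "anything"),
    }
    for _ in range(MAX_FAILED_ATTEMPTS):
        store.verify("alice", "guess")
    results["locked"] = store.is_locked("alice")
    results["right_after_lock"] = store.verify("alice", "correct horse battery staple")
    return results


if __name__ == "__main__":
    print(demo())
```

The three properties worth noticing are the per-user salt (identical passwords produce different hashes, so one cracked hash does not unlock the others), the iteration count (each guess costs the attacker the same work it costs the server), and the lockout counter, which caps online guessing regardless of how fast the hash is.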
FACTS
1. 58% of Americans have 5 or more online passwords
2. 30% of Americans have 10 or more online passwords
3. 8% of Americans have 21 or more online passwords
Source: http://janrain.com/about/newsroom/press-releases/online-americans-fatigued-by-password-overload-janrain-study-finds/
What You Got There?
UA Type 2: “What You Have”
“What You Have” is a much stronger UA method than “What You Know” and carries the added bonus of being a fairly economical solution. To use this method, users must possess a hardware token contained on a smart card, USB token, mobile device, etc. Companies seeking to enhance security without sacrificing usability often combine “What You Have” with other types of UA for added strength. An example of this is your debit or ATM card: ‘you have’ the physical card that you must swipe in the machine, and ‘you know’ the PIN that unlocks access to your account.
1. Public Key Cryptography
2. One Time Password (OTP)
3. Smart Cards
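A One Time Password token is the most common “What You Have” factor, and the arithmetic behind it fits in a few lines. The following is an added example, not code from the ebook or from Gemalto: HOTP as specified in RFC 4226, TOTP as specified in RFC 6238 on top of it, and the server-side validator that makes a captured code worthless once it has been used. The secret is the test key published in RFC 4226; the look-ahead window of 3 is an assumption.

```python
import hashlib
import hmac
import struct
import time

RFC4226_SECRET = b"12345678901234567890"  # the test key published in RFC 4226
LOOK_AHEAD = 3  # counters the server will skip forward to resync (an assumption)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238) is HOTP with the counter taken from the clock."""
    return hotp(secret, unix_time // step, digits)


class HotpValidator:
    """Server side of an event-based token. Remembering the last accepted
    counter is what makes a captured code worthless a second time."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._last_counter = -1

    def verify(self, code: str) -> bool:
        start = self._last_counter + 1
        for c in range(start, start + LOOK_AHEAD + 1):
            if hmac.compare_digest(hotp(self._secret, c), code):
                self._last_counter = c  # everything up to c is now spent
                return True
        return False


def validator_walkthrough() -> list:
    """Accept, then replay, then a skipped counter, then a stale one,
    then one beyond the look-ahead window."""
    v = HotpValidator(RFC4226_SECRET)
    codes = [hotp(RFC4226_SECRET, c) for c in (0, 0, 3, 1, 8)]
    return [v.verify(code) for code in codes]


if __name__ == "__main__":
    print("HOTP(0) =", hotp(RFC4226_SECRET, 0))        # 755224 in RFC 4226's table
    print("TOTP(now) =", totp(RFC4226_SECRET, int(time.time())))
    print("validator:", validator_walkthrough())       # [True, False, True, False, False]
```

Two points the ebook's prose does not spell out: a token and its server share only the secret and a counter (or clock), so nothing secret crosses the wire at login time; and the server must move its counter forward on every acceptance, otherwise the possession factor degrades into a static password that an interceptor can replay.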
FACTS
The People’s Choice: How Americans Use Social Network Single-Sign-On to Surf
[Chart: share of social sign-ins by identity provider, covering Facebook, Google, Twitter, Yahoo, MySpace, LinkedIn and Other; the values shown are 46%, 17%, 14%, 13%, 7%, 2% and 1%, but the extracted text does not preserve which value belongs to which provider]
Source: http://blog.gigya.com/which-identities-are-we-using-to-sign-in-around-the-web-infographic/
Who Do You Think You Are? James Bond?
UA Type 3: “What You Are”
Often showcased in spy movies, “What You Are” is perhaps the most well-known form of UA and yet is the least used due to its high cost. Because “What You Are” depends on an individual’s habits and/or biological characteristics, it is a very strong UA method. It’s also convenient for companies and users, since the critical information can’t be borrowed, lost or forgotten. When combined with other UA methods, it’s incredibly strong.
1. Biometry – fingerprints, retina scans, voice recognition, etc.
2. Behavior-Based Authentication
3. Physical Unclonable Functions
FACTS
Fingerprint Facts
1. Fingerprint ridges do not change with growth or age
2. Minor burns, cuts and scrapes don’t affect fingerprints because new skin grows in the original pattern
3. Koala fingerprints are virtually indistinguishable from human prints
4. In 1858, Sir William Herschel became the first person to use fingerprints to identify criminals
5. The FBI's fingerprint database is the largest in the world
Source: http://www.funtrivia.com/en/subtopics/Fingerprints-170308.html
Cutting Out the Middle-Man
3 Ways to Receive User Info
Securing the delivery of user information is critical in preventing attacks such as man-in-the-middle schemes, where a malware program intercepts a user’s username, password and passcode as they are being sent. Listed from weakest (1) to strongest (3), the three current UA delivery methods are:
1. Local
2. In-Band
3. Out-of-Band
Are You With the Band?
The 3 Ways UA Credentials Are Delivered
While your company has limitless choices when it comes to the combinations and types of UA available, there are only 3 choices when it comes to how a user’s credentials will be delivered to the authentication system: local, in-band or out-of-band.
1. Local – The system that receives the credentials and the system that matches them are on the same host. Examples: entering a PIN in a smart card reader, swiping a finger on an iPhone, logging into a Windows PC.
2. In-Band – Users submit credentials through the same application channel they will use to interact with the system after authentication. Example: connecting to a web server using a web browser and logging in via that same browser.
3. Out-of-Band – Users complete part of the UA process through one channel and receive secure information via a second channel that enables them to complete the UA process. Example: connecting to the Internet on a PC and receiving a code on a mobile phone to complete log-in.
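The out-of-band case is the one where the server's bookkeeping matters most: the code sent on the second channel has to be tied to the session on the first channel, expire quickly, and work exactly once, otherwise an interceptor on either channel can still get in. The following is an added example, not code from the ebook or from Gemalto. It assumes the in-band credential check has already happened (its result is passed in as a boolean), stands in for the phone with a callback, and uses a constructed 120-second lifetime and 3-attempt limit.

```python
import hmac
import secrets
import time
from typing import Callable, Dict, Optional

CODE_TTL_SECONDS = 120  # assumed code lifetime
MAX_ATTEMPTS = 3        # wrong guesses allowed before the session is discarded (assumed)


class OutOfBandStep:
    """Second step of a login: a code goes out on channel two and must come
    back on channel one, bound to the session that triggered it."""

    def __init__(self, send_second_channel: Callable[[str, str], None],
                 clock: Callable[[], float] = time.time) -> None:
        self._send = send_second_channel  # e.g. an SMS or push gateway in production
        self._clock = clock
        self._pending: Dict[str, dict] = {}

    def begin(self, username: str, first_factor_ok: bool) -> Optional[str]:
        """Call once the in-band credential check has passed. Returns the
        session id for channel one; the code itself only travels on channel two."""
        if not first_factor_ok:
            return None
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10 ** 6):06d}"  # unpredictable, derived from nothing
        self._pending[session_id] = {
            "user": username,
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self._send(username, code)
        return session_id

    def complete(self, session_id: str, code: str) -> bool:
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # unknown, already used, or discarded session
        if self._clock() > entry["expires"]:
            del self._pending[session_id]
            return False
        if hmac.compare_digest(entry["code"], code):
            del self._pending[session_id]  # single use: a replay finds nothing
            return True
        entry["attempts"] += 1
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[session_id]  # too many guesses: start over on channel one
        return False


def walkthrough() -> dict:
    """Simulates the phone with a dict and the clock with a mutable value."""
    phone: Dict[str, str] = {}  # constructed stand-in for the second channel
    now = [1_700_000_000.0]
    step = OutOfBandStep(lambda user, code: phone.__setitem__(user, code),
                         clock=lambda: now[0])
    results = {"refused_without_first_factor": step.begin("alice", False) is None}
    sid = step.begin("alice", True)
    alice_code = phone["alice"]
    wrong = "000000" if alice_code != "000000" else "000001"
    results["wrong_code_accepted"] = step.complete(sid, wrong)
    results["right_code_accepted"] = step.complete(sid, alice_code)
    results["replay_accepted"] = step.complete(sid, alice_code)
    bob_sid = step.begin("bob", True)
    results["other_session_code_accepted"] = (
        phone["bob"] != alice_code and step.complete(bob_sid, alice_code))
    carol_sid = step.begin("carol", True)
    now[0] += CODE_TTL_SECONDS + 1
    results["expired_code_accepted"] = step.complete(carol_sid, phone["carol"])
    return results


if __name__ == "__main__":
    print(walkthrough())
```

The separation the ebook describes shows up in the interface: `begin` returns only a session id to channel one, and the code never appears in that channel until the user types it back, so a malware program watching the PC sees a session id and a six-digit string that is dead the moment it is accepted.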
FACTS
Calling for Security: Companies Employing Mobile Phone Multi-Factor Authentication
2010 – Google is the first company to offer users multi-factor authentication via mobile codes
2011 – Facebook begins using mobile codes for multi-factor authentication
2012 – Dropbox, LinkedIn, Apple, Microsoft and Twitter offer users mobile code multi-factor authentication
Source: http://mashable.com/2013/07/31/two-factor-authentication/
Getting with the Program
The 3 Ways to Integrate UA
Choosing how you will integrate UA with your current system is a decision that requires your business to find its own sweet spot between retaining control internally and relinquishing elements of control to third parties. The current three UA integration methods are:
1. Embedded Component
2. Callable Web Service
3. Delegation
Are You a DIY’er or a Delegator?
The 3 Ways UA Can Be Integrated with a System
You have three options when it comes to integrating UA into your current system, and all three ways are compatible with all types of UA, so the choice boils down to how much you want to invest and how much control you desire.
1. Embedded Component: UA components are embedded into the server that provides service to users.
   Pros: Instant access and greater control.
   Cons: Companies using their own servers must be vigilant about maintenance and security monitoring, especially since a single security breach could expose all codes.
2. Callable Web Service: UA information is passed to a dedicated authentication server via web service calls.
   Pros: Authentication codes are not stored on the service provider’s server.
   Cons: If a company uses one of its servers as the dedicated authentication server, it must be vigilant about the maintenance and security of that server.
3. Delegation: UA is delegated to a third-party authentication server known as the Identity Provider (IP).
   Pros: Maintenance costs, updates and compliance are the responsibility of the third-party IP.
   Cons: Less access and control.
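Delegation does not mean the service stops checking anything: it stops handling credentials, and instead verifies an assertion the Identity Provider (IP) issues about the user. The following is an added example, not code from the ebook or from Gemalto, showing both sides of that exchange. The token format is a deliberately minimal one constructed for this illustration (an HMAC-SHA256 over a JSON payload, base64url-encoded), not SAML or OpenID Connect; the shared key and the names `accounts.example` and `shop.example` are constructed as well.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """IP side: authenticates the user (out of scope here) and issues the assertion."""

    def __init__(self, issuer: str, key: bytes) -> None:
        self.issuer, self._key = issuer, key

    def issue(self, subject: str, audience: str, nonce: str, now: float, ttl: int = 300) -> str:
        payload = json.dumps({"iss": self.issuer, "sub": subject, "aud": audience,
                              "nonce": nonce, "exp": int(now) + ttl},
                             sort_keys=True).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)


class RelyingService:
    """Service side: trusts the IP's key, but still checks every claim."""

    def __init__(self, audience: str, trusted_issuer: str, key: bytes) -> None:
        self.audience, self.trusted_issuer, self._key = audience, trusted_issuer, key
        self._seen_nonces = set()

    def accept(self, token: str, expected_nonce: str, now: float) -> Optional[str]:
        """Returns the authenticated subject, or None if anything is off."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        except ValueError:
            return None  # malformed token (binascii.Error is a ValueError)
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None  # not issued by the IP, or altered in transit
        claims = json.loads(payload)
        if claims.get("iss") != self.trusted_issuer or claims.get("aud") != self.audience:
            return None  # an assertion meant for another service must not work here
        if now >= claims.get("exp", 0):
            return None
        if claims.get("nonce") != expected_nonce or expected_nonce in self._seen_nonces:
            return None  # binds the assertion to this login attempt and blocks replay
        self._seen_nonces.add(expected_nonce)
        return claims.get("sub")


def walkthrough() -> dict:
    key = b"constructed-shared-key"  # with a real IP this would be its public key and a signature
    idp = IdentityProvider("accounts.example", key)
    shop = RelyingService("shop.example", "accounts.example", key)
    good = idp.issue("alice", "shop.example", nonce="n1", now=1000)
    other_aud = idp.issue("alice", "other.example", nonce="n2", now=1000)
    short = idp.issue("alice", "shop.example", nonce="n3", now=1000, ttl=60)
    forged = _b64(b'{"sub": "alice"}') + "." + _b64(b"\x00" * 32)
    return {
        "good": shop.accept(good, "n1", now=1100),
        "replay": shop.accept(good, "n1", now=1100),
        "wrong_audience": shop.accept(other_aud, "n2", now=1100),
        "expired": shop.accept(short, "n3", now=1100),
        "bad_signature": shop.accept(forged, "n4", now=1100),
        "garbage": shop.accept("not-a-token", "n5", now=1100),
    }


if __name__ == "__main__":
    print(walkthrough())
```

The "less access and control" trade-off from the Cons line is visible here too: the service learns only what the IP puts in the assertion, and its security now rests on the IP's key management and on the audience, expiry and nonce checks that it still performs itself.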
FACTS
The four levels of assurance the U.S. government uses to categorize Identity Providers are:
Level 1 – LOW: Little or no confidence exists in the user’s identity; usually self-asserted
Level 2 – MODERATE: Confidence exists that the user’s identity is accurate; used for self-service apps
Level 3 – MODERATE: High confidence in the user’s identity accuracy; used to access restricted data
Level 4 – HIGH: Very high confidence in the user’s identity accuracy; used to access highly restricted data
Source: https://www.cio.wisc.edu/security-initiatives-levels.aspx
Hark! Who Goes There?
We hope you have enjoyed our ebook, “9 Things Everyone Should Know About User Authentication.” At Gemalto, we provide a powerful portfolio of UA solutions that address a wide range of business needs. To learn more about us, download more ebooks, or register for a free trial, please visit CloudEntr.com/latest-resources.

Contenu connexe

Dernier

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Dernier (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

En vedette

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

En vedette (20)

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 

9 Things Every Business Should Know About User Authentication

  • 1. Share This: 9 Things Everyone Should Know About User Authentication
  • 2. Share This: The Notorious 9 Nine Essential Components of User Authentication User Authentication (UA) is a field that’s constantly evolving; however, staying current doesn’t have to be a full time job, if you master the basics. Despite the appearance of constant change, there are nine basic principles of UA that remain the same, and knowing them will help you make more informed decisions. To make things even easier, we’ve broken the Notorious Nine into three parts: username ********** 3 Types of UA 3 Delivery Methods of UA 3 Ways to Integrate UALOGIN
  • 3. Share This: have been the victim of online crimes due to their accounts being hacked 600,000 FACEBOOK ACCOUNTS 75% OF AMERICANS 90% OF BUSINESSES have been hacked in the last year are hacked every day Source: http://www.clubcloudcomputing.com/2013/01/infographic-on-hacking-statistics/ FACTS
  • 4. Share This: Know Your Type The 3 Types of UA Confirming that users really are who they say they are is serious business, especially when the annual cost of identity theft in America is now $10 billion more than all other property crimes combined. The good news is that while there may only be three types of UA, your company can combine their strengths to make the process of identifying, verifying and granting users access to your system as easy as one, two, three. The three types of UA are: Source: http://www.businessinsider.com/bureau-of-justice-statistics-identity-theft-report-2013-12 1. What You Know 2. What You Have 3. What You Are
  • 5. Share This: Well, Whadayaknow? UA Type 1: “What You Know” “What You Know” is the oldest form of UA and is based on secret information that only the user knows — and therein lies the issue. Aside from malicious programs that can guess billions of passwords per second, many users share their passwords and/or post them next to their screens, making this the weakest of all methods. However, it’s also the oldest and cheapest, which explains why it’s still popular. Examples of “What You Know” UA Passwords1 2 3 4 5 Phrases Security Questions PINs Patterns (i.e drawn with a finger to access mobile devices)
  • 6. Share This: FACTS Source: http://janrain.com/about/newsroom/press-releases/online-americans-fatigued-by-password-overload-janrain-study-finds/ 58% of Americans have 5 or more online passwords 30% of Americans have 10 or more online passwords 8% of Americans have 21 or more online passwords
  • 7. Share This: What You Got There? UA Type 2: “What You Have” “What You Have” is a much stronger UA method than “What You Know” and carries the added bonus of being a fairly economical solution. To use this method, users must possess a hardware token contained on a smart card, USB token, mobile device, etc. Companies seeking to enhance security without sacrificing usability often combine “What You Have” with other types of UA for added strength. An example of this is your debit or ATM card. ‘You have’ the physical card that you must swipe in the machine and ‘you know’ the PIN number to access your account. 1. Public Key Cryptography 2. One Time Password (OTP) 3. Smart Cards
  • 8. Share This: FACTS The People’s Choice: How Americans Use Social Network Single-Sign-On to Surf Source: http://blog.gigya.com/which-identities-are-we-using-to-sign-in-around-the-web-infographic/ FacebookGoogleTwitterYahooMySpaceLinkedInOther 1% 2% 7% 13% 14% 17% 46%
  • 9. Share This: Who Do You Think You Are? James Bond? UA Type 3: “What You Are” Often showcased in spy movies, “What You Are” is perhaps the most well-known form of UA and yet is the least used due to its high cost. Because “What You Are” is dependent on an individual’s habits and/ or biological characteristics, it is a very strong UA method. It’s also convenient for companies and users since critical information can’t be borrowed, lost or forgotten. When combined with other UA methods, it’s incredibly strong. 1. Biometry – fingerprints, retina scans, voice recognition, etc. 2. Behavior-Based Authentication 3. Physical Unclonable Functions
  • 10. Share This: FACTS Fingerprint Facts Source: http://www.funtrivia.com/en/subtopics/Fingerprints-170308.html Fingerprint ridges do not change with growth or age Minor burns, cuts and scrapes don’t affect fingerprints because new skin grows in the original pattern Koala fingerprints are virtually indistinguishable from human prints In 1858, Sir William Herschel became the first person to use fingerprints to identify criminals The FBI's fingerprint database is the largest in the world 1. 2. 3. 4. 5.
  • 11. Share This: Cutting Out the Middle-Man 3 Ways to Receive User Info Securing the delivery of user information is critical in preventing hack attacks, such as man-in-the-middle schemes where a malware program intercepts the username, password and passcode of a user as it is being sent. Listed from weakest (1) to strongest (3), the three current UA delivery methods are: 1. Local 2. In-Band 3. Out-of-Band
12. Are You With the Band?
The 3 Ways UA Credentials Are Delivered
While your company has limitless choices when it comes to the combinations and types of UA available, there are only 3 choices when it comes to how a user’s credentials will be delivered to the authentication system: local, in-band or out-of-band.
1. Local: The system that receives the credentials and the system that matches them are on the same host
Examples: Entering a PIN in a smart card reader, swiping a finger on an iPhone, logging into a Windows PC
2. In-Band: Users submit credentials through an app that interfaces with the system after authentication
Example: Connecting to a web server using a web browser and logging in via that same browser
3. Out-Of-Band: Users complete part of the UA process through one channel and receive secure information via a second channel that enables them to complete the UA process
Example: Connecting to the Internet on a PC and receiving a code via a mobile phone to complete log-in
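The out-of-band flow in item 3 (login opened in the browser, code delivered to the phone) looks roughly like this on the server. This is an added example, not code from the ebook or from Gemalto; the `send_second_channel` hook standing in for the SMS or push gateway is an assumption, and the code binds each one-time code to the channel-1 session, expires it, limits guesses and allows it to be used only once.

```python
"""Server side of an out-of-band login step: the session was opened on
channel 1 (browser); the code goes out on channel 2 (assumed SMS/push hook)."""
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 300   # a delivered code is worthless after five minutes
MAX_ATTEMPTS = 3         # a 6-digit code must not survive a brute-force guess


class OutOfBandChallenge:
    def __init__(self, send_second_channel):
        # send_second_channel(phone, text) is the assumed delivery hook (SMS/push).
        self._send = send_second_channel
        self._pending = {}  # session_id -> [key, code_hash, expires_at, attempts_left]

    def issue(self, session_id: str, phone: str, now: int) -> None:
        """Called on channel 1 once the password step for this session succeeded."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        key = secrets.token_bytes(16)
        # Store only a keyed hash bound to the session, so a leaked table does
        # not reveal live codes and a code cannot be replayed into another session.
        digest = hmac.new(key, (session_id + code).encode(), hashlib.sha256).digest()
        self._pending[session_id] = [key, digest, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send(phone, f"Your login code is {code}")  # leaves over channel 2

    def confirm(self, session_id: str, submitted: str, now: int) -> bool:
        """Called on channel 1 with the code the user read from channel 2."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False                      # nothing issued for this session
        key, digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            self._pending.pop(session_id)     # expired or exhausted: require a fresh issue
            return False
        candidate = hmac.new(key, (session_id + submitted).encode(), hashlib.sha256).digest()
        if hmac.compare_digest(candidate, digest):
            self._pending.pop(session_id)     # single use
            return True
        entry[3] -= 1                         # burn one guess
        return False
```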
13. FACTS
Calling for Security: Companies Employing Mobile Phone Multi-Factor Authentication
Source: http://mashable.com/2013/07/31/two-factor-authentication/
2010: Google is the first company to offer users multi-factor authentication via mobile codes
2011: Facebook begins using mobile codes for multi-factor authentication
2012: Dropbox, LinkedIn, Apple, Microsoft and Twitter offer users mobile code multi-factor authentication
14. Getting with the Program
The 3 Ways to Integrate UA
Choosing how you will integrate UA with your current system is a decision that requires your business to find its own sweet spot between retaining control internally and relinquishing elements of control to third parties. The current three UA integration methods are:
1. Embedded Component
2. Callable Web Service
3. Delegation
15. Are You a DIY’er or a Delegator?
The 3 Ways UA Can Be Integrated with a System
You have three options when it comes to integrating UA into your current system, and all three ways are compatible with all types of UA, so the choice boils down to how much you want to invest and how much control you desire.
1. Embedded Component: UA components are embedded into the server that provides service to users
Pros: Instant access and greater control
Cons: Companies using their own servers must be vigilant about maintenance and security monitoring, especially since a single security breach could expose all codes
2. Callable Web Service: UA information is passed to a dedicated authentication server via web service calls
Pros: Authentication codes are not stored on the service provider’s server
Cons: If a company uses one of its servers as the dedicated authentication server, it must be vigilant about the maintenance and security of the server
3. Delegation: UA is delegated to a third party authentication server known as the Identity Provider (IP)
Pros: Maintenance costs, updates and compliance are the responsibility of the third-party IP
Cons: Less access and control
16. FACTS
The four levels of assurance the U.S. government uses to categorize Identity Providers are:
Level 1: LOW. Little or no confidence exists in the user’s identity; usually self-asserted
Level 2: MODERATE. Confidence exists that the user’s identity is accurate; used for self-service apps
Level 3: MODERATE. High confidence in the user’s identity accuracy; used to access restricted data
Level 4: HIGH. Very high confidence in the user’s identity accuracy; used to access highly restricted data
Source: https://www.cio.wisc.edu/security-initiatives-levels.aspx
17. Hark! Who Goes There?
We hope you have enjoyed our ebook, “9 Things Everyone Should Know About User Authentication.” At Gemalto, we provide a powerful portfolio of UA solutions that address a wide range of business needs. To learn more about us, download more ebooks, or register for a free trial, please visit CloudEntr.com/latest-resources.