SlideShare une entreprise Scribd logo

Electronic authentication more than just a password

Télécharger en tant que PPT, PDF
Nicholas Davis
Nicholas Davis
Technologie
1  sur  20
Electronic Authentication More Than Just a Password Nicholas Davis Information Security Cardinal Stritch Interview Session May 20, 2009
Session Overview • What electronic authentication is and why it is important • Definitions • Different types of authentication factors (username/password) • Benefits and drawbacks of various authentication technologies • “Strong Authentication” • Question and Answer Session
Presentation Style • Blue = Topic • Black = Informational Details • Red = Discussion • Audience participation is encouraged. Anytime you see red, you can begin to think about the discussion topic at hand
Authentication Defined Authentication is the process of providing proof to a person or system that you are indeed who you claim to be. Can you think of some examples? Electronic authentication is similar in that provides a level of assurance as to whether someone or something is who or what it claims to be in a digital environment. Can you think of some examples?
Authentication Factors • Three types of electronic authentication • Something you know – username/password • Something you have – One time password device • Something you are – Voiceprint or retinal scan • Let’s examine these in detail!
Username and Password Something that you know • Sometimes has rules associated with it, such as length, or has an expiration date. • Can you think of some other password rules? • Why do you think password rules are enforced?
Username and Password - Benefits • Most widely used electronic authentication mechanism in the world. People understand how to use it. • Low fixed cost to implement and virtually no variable cost • Fairly good for low assurance applications • No physical device required
Username and Password - Drawbacks • Can be easily shared on purpose • Can be easily stolen via Shoulder Surfing, Keyboard Logger Packet Sniffer • Can be guessed • Can be hard to remember • Password code is easy to hack
Make Your Passwords Strong • Be as long as possible (never shorter than 6 characters). • Include mixed-case letters, if possible. • Include digits and punctuation marks, if possible. • Not be based on any personal information. • Not be based on any dictionary word, in any language. • Expire on a regular basis and may not be reused • May not contain any portion of your name, birthday, address or other publicly available information
One Time Password (OTP) Devices Something That You Have • Have an assigned serial number which is tied to my userid • Device generates a new password every 30 seconds • Server on other end knows what to expect from the device assigned to me, at any point in time
One Time Password Device - Benefits • Difficult to share • Constantly changing password means it can’t be stolen, shoulder surfed or sniffed • Coolness factor! • Let’s try to circumvent the technology! • What would happen if I generated a one time pass code, wrote it down and then tried to use it later?
One Time Passwords - Drawbacks • Cost! • Rank very low on the washability index • Uncomfortable • Expiration • Battery Life • Can be forgotten at home
Biometrics Something That You Are • Use a unique part of your body to authenticate you, such as your voice pattern, your retina, or your fingerprint
Biometrics Benefits • Harder to steal than even a One Time Password since it is part of the user, not simply in their possession like and OTP device • Absolute uniqueness of authentication factor • Coolness factor
Biometrics Drawbacks • Cost • Complexity of Administration • Highly invasive • Not always reliable – false negatives • Not foolproof • The Gummi Bear thief!
Single Factor vs. Multifactor vs Dual Factor • Single Factor – Using one method to authenticate. • Dual Factor – Using two different types of authentication mechanism to authenticate • Multifactor – Using multiple forms of the same factor. (Password + identifying an image that only you would know) • Some people claim multi factor is just a way around industry regulations. Good test is to ask, could I memorize both of these?
Key Concepts • Current online password based authentication techniques are weak at best: Most rely on multiple single factors • Password Credentials are easily stolen from consumers, and rarely change • Lack of consistency in authentication processes confuse consumers
Summary • There are three types of authentication technologies: – Something you know – Something you have – Something you are Password is the weakest Biometrics is the strongest
Audience Discussion and Q&A • Describe which types of authentication technologies are incorporated into your ATM card • How do you feel about the use of biometrics? • Name a situation in which you think biometrics should be used for authentication
Electronic authentication more than just a password

Recommandé

Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptxMd. AManullah Galib
 
Graphical password ppt
Graphical password pptGraphical password ppt
Graphical password pptMumbai University
 
Biometrics Technology, Types & Applications
Biometrics Technology, Types & ApplicationsBiometrics Technology, Types & Applications
Biometrics Technology, Types & ApplicationsUsman Sheikh
 
Finger print based door access system
Finger print based door access systemFinger print based door access system
Finger print based door access systemAkshay Govekar
 
Biometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesBiometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesPrabh Jeet
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Graphical Password Authentication
Graphical Password AuthenticationGraphical Password Authentication
Graphical Password AuthenticationDhvani Shah
 

Recommandé

Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Digital Signature.pptx
Digital Signature.pptxDigital Signature.pptx
Digital Signature.pptxMd. AManullah Galib
 
Graphical password ppt
Graphical password pptGraphical password ppt
Graphical password pptMumbai University
 
Biometrics Technology, Types & Applications
Biometrics Technology, Types & ApplicationsBiometrics Technology, Types & Applications
Biometrics Technology, Types & ApplicationsUsman Sheikh
 
Finger print based door access system
Finger print based door access systemFinger print based door access system
Finger print based door access systemAkshay Govekar
 
Biometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesBiometric Security advantages and disadvantages
Biometric Security advantages and disadvantagesPrabh Jeet
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
Graphical Password Authentication
Graphical Password AuthenticationGraphical Password Authentication
Graphical Password AuthenticationDhvani Shah
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
Internet of Things - Lecture 1 - Introduction
Internet of Things - Lecture 1 - IntroductionInternet of Things - Lecture 1 - Introduction
Internet of Things - Lecture 1 - IntroductionAlexandru Radovici
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
Atm using fingerprint
Atm using fingerprintAtm using fingerprint
Atm using fingerprintAnIsh Kumar
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authenticationAkhil Kumar
 
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...anugulashivani
 
Signature Verification.pptx
Signature Verification.pptxSignature Verification.pptx
Signature Verification.pptxSayaliKawale2
 
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signature pptOECLIB Odisha Electronics Control Library
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATMParas Garg
 
Authentication
AuthenticationAuthentication
Authenticationprimeteacher32
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureAdarsh Kumar Yadav
 
Biometrics
BiometricsBiometrics
Biometricsshweta-sharma99
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Fingerprint Biometrics
Fingerprint BiometricsFingerprint Biometrics
Fingerprint BiometricsRudra Prasad Maiti
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Smart card
Smart cardSmart card
Smart cardSantosh Khadsare
 
E commerce overview
E commerce overviewE commerce overview
E commerce overviewNicholas Davis
 
Data management tactics and strategies
Data management tactics and strategiesData management tactics and strategies
Data management tactics and strategiesNicholas Davis
 

Contenu connexe

Tendances

Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
Internet of Things - Lecture 1 - Introduction
Internet of Things - Lecture 1 - IntroductionInternet of Things - Lecture 1 - Introduction
Internet of Things - Lecture 1 - IntroductionAlexandru Radovici
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
Atm using fingerprint
Atm using fingerprintAtm using fingerprint
Atm using fingerprintAnIsh Kumar
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authenticationAkhil Kumar
 
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...anugulashivani
 
Signature Verification.pptx
Signature Verification.pptxSignature Verification.pptx
Signature Verification.pptxSayaliKawale2
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATMParas Garg
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
User authentication
User authenticationUser authentication
User authenticationCAS
 

Tendances (20)

Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 
Internet of Things - Lecture 1 - Introduction
Internet of Things - Lecture 1 - IntroductionInternet of Things - Lecture 1 - Introduction
Internet of Things - Lecture 1 - Introduction
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
Atm using fingerprint
Atm using fingerprintAtm using fingerprint
Atm using fingerprint
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
 
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
AUTOMATIC VOTING MACHINE-AN ADVANCED MODEL FOR SECURED BIOMETRICS BASED VOTIN...
 
Signature Verification.pptx
Signature Verification.pptxSignature Verification.pptx
Signature Verification.pptx
 
Digital Signature ppt
Digital Signature pptDigital Signature ppt
Digital Signature ppt
 
Fingerprint Authentication for ATM
Fingerprint Authentication for ATMFingerprint Authentication for ATM
Fingerprint Authentication for ATM
 
Authentication
AuthenticationAuthentication
Authentication
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Biometrics
BiometricsBiometrics
Biometrics
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Fingerprint Biometrics
Fingerprint BiometricsFingerprint Biometrics
Fingerprint Biometrics
 
User authentication
User authenticationUser authentication
User authentication
 
Smart card
Smart cardSmart card
Smart card
 

En vedette

Data management tactics and strategies
Data management tactics and strategiesData management tactics and strategies
Data management tactics and strategiesNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 
Intellectual property and digital media nicholas davis
Intellectual property and digital media nicholas davisIntellectual property and digital media nicholas davis
Intellectual property and digital media nicholas davisNicholas Davis
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Nicholas Davis
 

En vedette (7)

E commerce overview
E commerce overviewE commerce overview
E commerce overview
 
Data management tactics and strategies
Data management tactics and strategiesData management tactics and strategies
Data management tactics and strategies
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Information security background
Information security backgroundInformation security background
Information security background
 
Intellectual property and digital media nicholas davis
Intellectual property and digital media nicholas davisIntellectual property and digital media nicholas davis
Intellectual property and digital media nicholas davis
 
Information privacy
Information privacyInformation privacy
Information privacy
 
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
Student Presentation Sample (Netflix) -- Information Security 365/765 -- UW-M...
 

Similaire à Electronic authentication more than just a password

Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologiesNicholas Davis
 
Electronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordElectronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordNicholas Davis
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Hai Nguyen
 
2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptxssuser2f0fb0
 
Date security identifcation and authentication
Date security identifcation and authenticationDate security identifcation and authentication
Date security identifcation and authenticationLeo Mark Villar
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementSam Bowne
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaOlajide Kuku
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Solving problems with authentication
Solving problems with authenticationSolving problems with authentication
Solving problems with authenticationMecklerMedia
 
Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...
Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...
Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...Nicholas Davis
 
Pki & personal digital certificates, securing sensitive electronic communicat...
Pki & personal digital certificates, securing sensitive electronic communicat...Pki & personal digital certificates, securing sensitive electronic communicat...
Pki & personal digital certificates, securing sensitive electronic communicat...Nicholas Davis
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online PrivacyKazi Sarwar Hossain
 
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...Nicholas Davis
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Nicholas Davis
 
Security and Privacy Brown Bag
Security and Privacy Brown BagSecurity and Privacy Brown Bag
Security and Privacy Brown Bag501 Commons
 

Similaire à Electronic authentication more than just a password (20)

Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologies
 
Electronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordElectronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a Password
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 
2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx
 
Date security identifcation and authentication
Date security identifcation and authenticationDate security identifcation and authentication
Date security identifcation and authentication
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access Management
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access Management
 
Access Control System, BMS
Access Control System, BMSAccess Control System, BMS
Access Control System, BMS
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthautha
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Solving problems with authentication
Solving problems with authenticationSolving problems with authentication
Solving problems with authentication
 
Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...
Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...
Pki & Personal Digital Certificates, Securing Sensitive Electronic Commun...
 
Pki & personal digital certificates, securing sensitive electronic communicat...
Pki & personal digital certificates, securing sensitive electronic communicat...Pki & personal digital certificates, securing sensitive electronic communicat...
Pki & personal digital certificates, securing sensitive electronic communicat...
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...
 
Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...Pki & personal digital certificates, the key to securing sensitive electronic...
Pki & personal digital certificates, the key to securing sensitive electronic...
 
Security and Privacy Brown Bag
Security and Privacy Brown BagSecurity and Privacy Brown Bag
Security and Privacy Brown Bag
 

Plus de Nicholas Davis

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentNicholas Davis
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessNicholas Davis
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsNicholas Davis
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development MethodologiesNicholas Davis
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityNicholas Davis
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Nicholas Davis
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewNicholas Davis
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets PersonalNicholas Davis
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectNicholas Davis
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...Nicholas Davis
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing EducationNicholas Davis
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An OverviewNicholas Davis
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNicholas Davis
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Nicholas Davis
 
Demystifying Professional Certifications
Demystifying Professional CertificationsDemystifying Professional Certifications
Demystifying Professional CertificationsNicholas Davis
 

Plus de Nicholas Davis (20)

Conducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) AssessmentConducting a NIST Cybersecurity Framework (CSF) Assessment
Conducting a NIST Cybersecurity Framework (CSF) Assessment
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
UW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support SystemsUW-Madison, Information Systems 371 - Decision Support Systems
UW-Madison, Information Systems 371 - Decision Support Systems
 
Lecture blockchain
Lecture blockchainLecture blockchain
Lecture blockchain
 
Software Development Methodologies
Software Development MethodologiesSoftware Development Methodologies
Software Development Methodologies
 
Information systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD SecurityInformation systems 365 - Cloud and BYOD Security
Information systems 365 - Cloud and BYOD Security
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
Information Systems 365/765, Lecture 4, Policies, Data Classification, Traini...
 
Information Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things OverviewInformation Systems 371 -The Internet of Things Overview
Information Systems 371 -The Internet of Things Overview
 
Cyberwar Gets Personal
Cyberwar Gets PersonalCyberwar Gets Personal
Cyberwar Gets Personal
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
 
Bringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team ProjectBringing the Entire Information Security Semester Together With a Team Project
Bringing the Entire Information Security Semester Together With a Team Project
 
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
The Deep and Dark Web - Spooky Halloween Information Security Lecture -- Info...
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
 
Demystifying Professional Certifications
Demystifying Professional CertificationsDemystifying Professional Certifications
Demystifying Professional Certifications
 

Dernier

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Dernier (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Electronic authentication more than just a password

  • 1. Electronic Authentication More Than Just a Password Nicholas Davis Information Security Cardinal Stritch Interview Session May 20, 2009
  • 2. Session Overview • What electronic authentication is and why it is important • Definitions • Different types of authentication factors (username/password) • Benefits and drawbacks of various authentication technologies • “Strong Authentication” • Question and Answer Session
  • 3. Presentation Style • Blue = Topic • Black = Informational Details • Red = Discussion • Audience participation is encouraged. Anytime you see red, you can begin to think about the discussion topic at hand
  • 4. Authentication Defined Authentication is the process of providing proof to a person or system that you are indeed who you claim to be. Can you think of some examples? Electronic authentication is similar in that provides a level of assurance as to whether someone or something is who or what it claims to be in a digital environment. Can you think of some examples?
  • 5. Authentication Factors • Three types of electronic authentication • Something you know – username/password • Something you have – One time password device • Something you are – Voiceprint or retinal scan • Let’s examine these in detail!
  • 6. Username and Password Something that you know • Sometimes has rules associated with it, such as length, or has an expiration date. • Can you think of some other password rules? • Why do you think password rules are enforced?
  • 7. Username and Password - Benefits • Most widely used electronic authentication mechanism in the world. People understand how to use it. • Low fixed cost to implement and virtually no variable cost • Fairly good for low assurance applications • No physical device required
  • 8. Username and Password - Drawbacks • Can be easily shared on purpose • Can be easily stolen via Shoulder Surfing, Keyboard Logger Packet Sniffer • Can be guessed • Can be hard to remember • Password code is easy to hack
  • 9. Make Your Passwords Strong • Be as long as possible (never shorter than 6 characters). • Include mixed-case letters, if possible. • Include digits and punctuation marks, if possible. • Not be based on any personal information. • Not be based on any dictionary word, in any language. • Expire on a regular basis and may not be reused • May not contain any portion of your name, birthday, address or other publicly available information
  • 10. One Time Password (OTP) Devices Something That You Have • Have an assigned serial number which is tied to my userid • Device generates a new password every 30 seconds • Server on other end knows what to expect from the device assigned to me, at any point in time
  • 11. One Time Password Device - Benefits • Difficult to share • Constantly changing password means it can’t be stolen, shoulder surfed or sniffed • Coolness factor! • Let’s try to circumvent the technology! • What would happen if I generated a one time pass code, wrote it down and then tried to use it later?
  • 12. One Time Passwords - Drawbacks • Cost! • Rank very low on the washability index • Uncomfortable • Expiration • Battery Life • Can be forgotten at home
  • 13. Biometrics Something That You Are • Use a unique part of your body to authenticate you, such as your voice pattern, your retina, or your fingerprint
  • 14. Biometrics Benefits • Harder to steal than even a One Time Password since it is part of the user, not simply in their possession like and OTP device • Absolute uniqueness of authentication factor • Coolness factor
  • 15. Biometrics Drawbacks • Cost • Complexity of Administration • Highly invasive • Not always reliable – false negatives • Not foolproof • The Gummi Bear thief!
  • 16. Single Factor vs. Multifactor vs Dual Factor • Single Factor – Using one method to authenticate. • Dual Factor – Using two different types of authentication mechanism to authenticate • Multifactor – Using multiple forms of the same factor. (Password + identifying an image that only you would know) • Some people claim multi factor is just a way around industry regulations. Good test is to ask, could I memorize both of these?
  • 17. Key Concepts • Current online password based authentication techniques are weak at best: Most rely on multiple single factors • Password Credentials are easily stolen from consumers, and rarely change • Lack of consistency in authentication processes confuse consumers
  • 18. Summary • There are three types of authentication technologies: – Something you know – Something you have – Something you are Password is the weakest Biometrics is the strongest
  • 19. Audience Discussion and Q&A • Describe which types of authentication technologies are incorporated into your ATM card • How do you feel about the use of biometrics? • Name a situation in which you think biometrics should be used for authentication