the rise of multi-factor...
TRANSCRIPT
![Page 1: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/1.jpg)
THE RISE OF MULTI-FACTOR AUTHENTICATIONA PRESENTATION BY GEOFFREY TUCKER
![Page 2: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/2.jpg)
INTRODUCTION
1. What is wrong with passwords?
2. How are passwords being compromised?
3. How can we improve our security beyond passwords?
4. What is in store for the future of online security?
![Page 3: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/3.jpg)
THE PROBLEM WITH PASSWORDS
• Passwords are rarely ever changed
• Most people prefer short, easy-to-remember passwords
• People tend to re-use their password(s) across multiple applications
• Answers to security questions could be revealed through online profiles
![Page 4: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/4.jpg)
THE SOLUTION: PASSWORD MANAGERS! …RIGHT?
• Easy way to remember large numbers of complex, secure passwords
• Safer than using one password for all websites
• The user must still remember a secure master password
• Exposes the user to a single point of failure
![Page 5: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/5.jpg)
HOW ARE PASSWORDS BEING COMPROMISED?
• Password guessing
• Brute-force / dictionary attack
• Keystroke logging
• Phishing, pharming
• Shared computers
• Man in the middle
![Page 6: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/6.jpg)
HOW CAN WE IMPROVE OUR SECURITY?MULTI-FACTOR AUTHENTICATION
KNOWLEDGE FACTORS
Things only the user knows
INHERENCE FACTORS
Things only the user is
POSSESSION FACTORS
Things only the user has
![Page 7: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/7.jpg)
KNOWLEDGE FACTORSTHINGS ONLY THE USER KNOWS
• Passwords
• Secret questions
• Personal identification numbers (PIN)
![Page 8: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/8.jpg)
INHERENCE FACTORSTHINGS ONLY THE USER IS
• Fingerprints
• Voiceprints
• Iris scan
![Page 9: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/9.jpg)
POSSESSION FACTORSTHINGS ONLY THE USER HAS
• Mobile phones
• Connected tokens
• Disconnected tokens
![Page 10: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/10.jpg)
POSSESSION FACTORSMOBILE PHONES
• SMS one-time password
• Smartphone push
![Page 11: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/11.jpg)
POSSESSION FACTORSCONNECTED TOKENS
• Magnetic stripe cards
• Contact smart cards
• Contactless smart cards
![Page 12: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/12.jpg)
POSSESSION FACTORSDISCONNECTED TOKENS
• Sequence-based
• Time-based
• Challenge-Response
![Page 13: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/13.jpg)
THE FUTURE OF ONLINE SECURITY
• Two or three-factor authentication on all critical accounts
• Password managers become increasingly common
• Magnetic stripe cards will eventually be replaced by smart cards
• Hackers and researchers will continue to push the boundaries
![Page 14: THE RISE OF MULTI-FACTOR AUTHENTICATIONrickl/courses/ics-h197/2014-fq-h197/talk-Tucker-MultiFactor...THE RISE OF MULTI-FACTOR AUTHENTICATION A PRESENTATION BY GEOFFREY TUCKER. INTRODUCTION](https://reader034.vdocuments.mx/reader034/viewer/2022042313/5ede55ebad6a402d6669a852/html5/thumbnails/14.jpg)
THANK YOU
… any questions?