1 / 14

Next Generation Two Factor Authentication

Next Generation Two Factor Authentication. 21 st Century Remote Access. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry. Who is using your VPN. Problems With Passwords. “Social engineering” Finding written password Post-It Notes

kaili
Download Presentation

Next Generation Two Factor Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Next GenerationTwo Factor Authentication

  2. 21st Century Remote Access • Laptop • Home / Other Business PC • Hotel / Cyber Café / Airport • Smart Phone / Blackberry

  3. Who is using your VPN Problems With Passwords • “Social engineering” • Finding written password • Post-It Notes • Guessing password / pin • Dog/Kid’s name/ Birthday • Shoulder surfing • Keystroke logging • Can be resolved with mouse based entry • Screen scraping (with Keystroke logging) • Brute force password crackers • L0phtcrack

  4. Two Factor Authentication • Something you know • Pin • Password • Mothers Maiden Name • Something you own • Keys • Credit Card • Token • Phone • Something you are • Fingerprint • DNA • Two Factor Authentication is Two of the above • Example: ATM Cash Machine • Something you Know – Pin • Something you Own - Cash Card (Chip)

  5. Existing Form Factors • Smartcards / USB Tokens • End user must remember to carry the card! • Smartcards need readers • Both need software drivers • Remote Users can’t use other PC’s or Cybercafés • Smart phones, Blackberry’s, PocketPC etc are limited by size • Requires certificate enrolment and replacement • Deployment - Remote users must be sent a hardware device • Support – Pin Management & Failed token must be managed

  6. Existing Form Factors Hardware Tokens • End user must remember to carry the token! • Deployment - Remote users must be sent a hardware device • Token may require resynchronisation • Support – Pin Management & Failed token must be managed • Short Term Contractors - Don’t always return the token • B2B – One to many companies requires many identical tokens

  7. The Next Generation Mobile Phone based Authentication Mobile Phones solve all the previous issues however •  Adding Software to a range of Phones is difficult to support •  SMS at peak times sometimes cause delay of several minutes

  8. Pre-Load vs. On demand SMS

  9. The SecurEnvoy Approach One Time Code Each authentication (good or bad) send’s the next required code Each Code can only be used once The first 6 digit passcode is sent at enrolment Passcode 573921 Passcode 347865 Passcode 347865 Passcode 198462 Day Code Each day (or set number of days) a new code is sent if used If the current day code hasn’t been used, it’s still secret and will not require updating Each day code can be reused for the current and following day Tmp Code A pre-agreed static code that automatically switches back to One Time or Day Code after a set number of days 10 failed attempts in a row disables account and SMS messages (all modes)

  10. PIN Management Traditional Approach UserID: fred PIN: 3687 Passcode:435891 Microsoft Password: P0stcode Two Factor Authentication requires something you know & something you own Why authenticate with two things you know? The SecurEnvoy Approach UserID: fred Microsoft Password: P0stcode Passcode: 435891 Reuse The Microsoft or other LDAP Password as the PIN Easier end user authentication experience No PIN Administration required Can also support a PIN if required

  11. Ease Of Use (Cost) Vs Risk SecurEnvoy 1 Day Code SecurEnvoy One Time Code SecurEnvoy 7 Day Code Cost Vs Risk Expensive / Hard Tokens / Smartcards Cost / Use 30 Day Password Fixed Password Cheap Easy Risk High Risk Low Risk

  12. The SecurEnvoy Approach Standard Authentication Solutions • SecurEnvoy Solution Re-enter user information Use AD or other LDAP as the database SQL Database Active Directory LDAP Sync Replication SQL Database No schema change required Data Encrypted with 128 bit AES

  13. SecurAccess Authentication SecurAccess Authentication Andyk Something You Know Passcode 573921 P0stcode 234836 Something You Own Enter 6 Digit Number from Mobile Phone

  14. Summary The Next Generation is Mobile Phone Based AuthenticationUp to 60% cheaper that Hardware Tokens No Software on the phoneMust Allow for SMS Delays & Loss of SignalMust Be Easy To Use (6 Digit Display On Phone)Should Re-Use Existing Passwords (Windows) as the PINShould Use LDAP as the Database www.SecurEnvoy.com

More Related