Next Generation Two Factor Authentication - Are Fagerheim, Trygg Data AS

Slides: 16
Provided by: AndyKe2

1
Next Generation Two Factor Authentication
Are Fagerheim, Trygg Data AS
2

Problems With Passwords
  • Social engineering
  • Finding written password
      • Post-It Notes
  • Guessing password / PIN
      • Dog/Kid's name / Birthday
  • Shoulder surfing
  • Keystroke logging
      • Can be resolved with mouse based entry
  • Screen scraping (with keystroke logging)
  • Brute force password crackers
      • L0phtcrack

3
Two Factor Authentication
  • Something you know
      • PIN
      • Password
      • Mother's maiden name
  • Something you own
      • Keys
      • Credit card
      • Token
      • Phone
  • Something you are
      • Fingerprint
      • DNA
  • Two Factor Authentication is two of the above
      • Example: Chip & PIN
      • Something you know: PIN

4
Existing Form Factors
  • Smartcards
      • End user must remember to carry the card!
      • Smartcards need a reader and software drivers
      • Remote users can't use home PCs or Cybercafés
      • Smart phones, Blackberrys, PocketPC etc. are limited by size
      • Requires certificate enrolment and replacement
      • Deployment - Remote users must be sent a hardware device
      • Support - PIN management, failed token must be managed

5
Existing Form Factors
  • USB Tokens
      • End user must remember to carry the token!
      • USB socket was not designed for constant insertion / removal,
        which causes USB socket failure
      • Requires USB driver software to be installed and supported
      • Home PC not supported!
      • Hotel / Cybercafés - No software install allowed!
      • Smart phones haven't got a USB port!!!
      • Deployment - Remote users must be sent a hardware device
      • Support - PIN management, failed token must be managed

6
Existing Form Factors
  • Tokens
      • End user must remember to carry the token!
      • Deployment - Remote users must be sent a hardware device
      • Token may require resynchronisation
      • Support - PIN management, failed token must be managed
      • Short term contractors - Don't always return the token
      • B2B - One to many companies requires many identical tokens

7
The Next Generation
  • Mobile phone based authentication
  • Mobile phones solve all the previous issues, however:
      • Adding software to a range of phones is difficult to support
      • SMS at peak times sometimes causes a delay of several minutes

8
The SecurEnvoy Approach
  • Pre-loading the next required SMS message after
    each authentication attempt
  • Re-usable day or week codes sent at fixed times
  • Temporary agreed static code for XX days with
    self help
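
The pre-loading approach in the first bullet above, sketched as an added example (not SecurEnvoy's code and not part of the original slides): the server issues the next 6-digit passcode immediately after every authentication attempt, so the SMS is already on the phone before the next logon. The class and method names, the phone number and the in-memory outbox standing in for the mobile network are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

class PreloadAuthenticator:
    """Toy model of pre-loaded SMS passcodes (all names here are hypothetical)."""
    def __init__(self, send_sms):
        self._send_sms = send_sms      # callable(phone, text); stands in for an SMS gateway
        self._users = {}               # user -> {"phone", "salt", "pin_hash", "passcode"}

    @staticmethod
    def _hash_pin(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def _preload(self, user):
        # Issue the NEXT passcode now, never repeating the one just retired.
        rec = self._users[user]
        new = rec["passcode"]
        while new == rec["passcode"]:
            new = f"{secrets.randbelow(10**6):06d}"
        rec["passcode"] = new
        self._send_sms(rec["phone"], f"Passcode {new}")

    def enrol(self, user, phone, pin):
        salt = secrets.token_bytes(16)
        self._users[user] = {"phone": phone, "salt": salt,
                             "pin_hash": self._hash_pin(pin, salt), "passcode": None}
        self._preload(user)

    def authenticate(self, user, pin, passcode):
        rec = self._users.get(user)
        if rec is None:
            return False
        pin_ok = hmac.compare_digest(self._hash_pin(pin, rec["salt"]), rec["pin_hash"])
        code_ok = hmac.compare_digest(passcode.encode(), rec["passcode"].encode())
        # Rotate after EVERY attempt, pass or fail, so no code is accepted twice.
        self._preload(user)
        return pin_ok and code_ok

def demo():
    outbox = []                                   # constructed stand-in for the mobile network
    auth = PreloadAuthenticator(lambda phone, text: outbox.append((phone, text)))
    auth.enrol("alice", "+440000000000", "windows-password")   # constructed values
    first = outbox[-1][1].split()[1]              # code the phone already holds
    ok = auth.authenticate("alice", "windows-password", first)
    replay = auth.authenticate("alice", "windows-password", first)
    return ok, replay, len(outbox)
```

Because the code is rotated on failed attempts as well, a guesser gets one try per passcode, and the legitimate user sees an unexpected SMS whenever someone else attempts a logon.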

9
Ease Of Use (Cost) Vs Risk
[Chart: ease of use (Easy to Hard) against risk (High Risk to Low Risk). Options plotted: Tokens or Smartcards, 30 Day Password, Fixed Password.]
10
Cost Of Sending SMS
  • Typical 700 User Example
  • Users set to 7 day codes, 1 SMS per week
  • Requires 3000 SMS messages
  • Total Cost 20 per month - 1.5 pence per SMS

11
Solution Overview - Radius
[Diagram labels: Mobile Network; Internet; Fortinet, Checkpoint, Juniper, Nortel, Cisco; IIS Web Server; Citrix nFuse, Outlook Web Access, Aventail SSL VPN]
  • No software required on phone
  • Next required passcode is sent (Passcode 289621, Passcode 659142)
  • Passcode sent after last authentication; eliminates any SMS delay problems
  • PIN can be Windows password
12
Solution Overview - Web
[Diagram labels: Mobile Network; Internet; Fortinet, Checkpoint, Juniper, Nortel, Cisco; IIS Web Server; Citrix nFuse, Outlook Web Access, Aventail SSL VPN]
  • No software required on phone
  • Next required passcode is sent (Passcode 289621, Passcode 659142)
  • Passcode sent after last authentication; eliminates any SMS delay problems
  • PIN can be Windows password
13
Microsoft Logon Authentication
  • Desktop / laptop users with screen lock
      • Need to authenticate many times a day!
  • PDA and mobile phone users syncing e-mail
      • Need to authenticate many times a day
  • Long term remote users with 30 day passwords
      • Support issues with locked user accounts
  • End users will not accept the burden of authenticating many times
    a day with two factors!

The Key Issues
14
Solution Overview - Microsoft Logon Authentication
[Diagram labels: Mobile Network; SecurEnvoy Security Server; Internal Network; Domain Controller, Microsoft Active Directory; PIN, PASSCODE, WINDOWS PASSWORD; Passcode 234836, Passcode 517834]
  • Passcode sent when Windows password updated
  • Passcode sent at intervals, typically 1-30 days
  • Windows password updated, typically 1-30 days
  • User authenticates with PIN and passcode
  • Windows password updated
15
Summary
  • The Next Generation is mobile phone based authentication
  • Must be supportable (no software on the phone)
  • Must allow for SMS delays and loss of signal
  • Must be easy to use (6 digit display on phone)
  • Should re-use existing passwords (Windows) as the PIN
  • Should directly integrate with Microsoft AD