© 2018 Yubico
Industry Leading Secure Authentication With Yubico
Google Eliminated Account Takeovers
Mandated security keys for every employee and contractor.
“We have mandated a hardware second factor since 2009...we have not had a single successful phishing attack against a Google employee since then.”
- Niels Provos, Distinguished Engineer at Google
A16z Podcast: The State of Security
+50,000 employees in +50 countries
Google Case Study
OTP through Mobile Apps and SMS didn’t stop phishing
YubiKeys made mandatory for Google Employees and Contractors
● Zero account takeovers
● 4X faster to login
● 92% support reduction
Global Authentication Leader Yubico
● 1st product launched in 2008
● 110 people in 7 countries
● Backed by renowned entrepreneurs
● 5 years of profits
Customers
● 9 of the top 10 internet companies
● 2 of the top 3 financial, retail, health co’s
● Millions of users in 160 countries
One Authenticator
● Any # of Services
● No Shared Secrets
Yubico invented FIDO U2F
Global open authentication standard created by Yubico & Google
81% of Breaches from Stolen Passwords²
Authenticating only with username and password is not sufficient.
People reuse passwords across sites and use weak passwords.
#1 Attack to Steal Passwords is Phishing³
Sophisticated phishing tricks users 45% of the time⁴.
● Security fatigue - Users are in cognitive overload
● 15% fall for phishing more than once a year⁵
Not All 2FA is Created Equal
Most 2FA are Vulnerable to Phishing
● SMS
● One Time Passwords (OTP)
● Mobile Apps
● Mobile Push
Secure One Touch Login
1. Enter username/pwd
2. Insert U2F Key
3. Touch/tap device
YubiKey requires neither a battery nor a network connection
Yubico Enterprise Authentication
[Diagram labels: Cloud Services and On-premises Services; authentication methods Smart Card, OTP, FIDO U2F; user groups Employee Admins (Privileged Access), Employee Users (Computer Login, Web Applications, Remote Access), Vendor & Supplier (Remote Access, Web Applications), Customer (Web Applications); Identity Access Control Systems]
Deploy YubiKeys in Days not Months
Industry leading support for modern and legacy protocols.
● Computer Login
● Privileged Access
● Encryption
● Remote Access & VPN
● Identity Access Mgmt
● Developer Tools
● Password Mgmt
● Online Services
YubiKeys are Proven Unphishable
YubiKeys at Google have eliminated account takeovers.
OTP through Mobile Apps and SMS didn’t stop account takeovers
YubiKeys made mandatory for Google Employees and Contractors
Stopped account takeovers.
50,000+ Employees in over 70 Countries
YubiKeys Reduce IT’s #1 Support Cost
Google reduced support calls by 92% with YubiKeys⁹.
Phishing with Mobile Push
[Figure labels: User’s Push; Attacker’s Push; Attacker’s IP 172.58.72.166]
Advanced Phishing Protection - U2F
● Origin bound keys
● User presence
● Strong crypto
● Native Browser/OS support
● Secure backup
NIST Recognizes FIDO U2F
Latest Digital Identity Guidelines 800-63 Revision 3 (800-63B)
● Approves FIDO U2F at highest Authenticator Assurance Level (AAL3)
● YubiKey in process for FIPS 140-2: overall level 2, physical security level 3
FIDO U2F/2 Standards
[Diagram labels: Web apps & services; On-premises apps; Operating systems; Browsers; Any device; USB/NFC/BLE devices; Built-in chips; Human gesture]
YubiKey Platform
[Diagram labels:]
● Services: Cloud Validation, Support, 3rd party Customizations
● Integrations: Open source servers, APIs, 3rd party integrations
● YubiHSM: Server encryption
● Firmware & protocols: Driverless OTP (OATH TOTP/HOTP, YubiKey); Public Key (FIDO U2F/2, PIV, OpenPGP)
● Hardware authenticators: USB & NFC Keychain, USB Nano Form, USB-C Keychain, USB-C Nano
[Legend:]
● Yubico proprietary software and/or hardware
● Open standards w/ proprietary software
● Open source software
YubiKey for Mobile
NFC Tap security key on NFC phone
USB-C
Mobile SDK
BLE & Lightning being evaluated
YubiHSM 2
Protecting secrets on servers
Simple
● Ultra portable design
Affordable
● Dramatically lower cost (5 - 10x savings)
Secure
● Secure chip and crypto processor with advanced algorithms
Cutting Edge Manufacturing
● Highly secure and automated manufacturing in California and Sweden
● Custom programming of 50 YubiKeys in 2 seconds (1M/month)
● End to end control of secrets
Questions?
© 2017 Yubico