Passwords today, PASSCODES tomorrow Webinar December 2nd, 2015
Markus Behr, Director Professional Services at Xura
Lars Gotlieb, Regional Manager DACH at SMS Passcode
02.12.2015
PASSWORDS TODAY, PASSCODES TOMORROW | 02.12.15

Passwords today
Why single factor authentication struggles after >30 years of usage
The easy principle of single factor authentication:
a password is something only you know
The problem with single factor authentication:
a password is no longer something only you know

Passwords today
Our passwords are too easy
Check yourself at Intel: https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Longest time to break your account using one of the most common passwords:

Passwords today
Our passwords are too short
Modern CPUs/GPUs of standard computers can try > 1 billion passwords per second
Check yourself at Intel: https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
Time to break your account with a numeric password 6 digits long: 524017
Time to break your account with an alphanumeric/special chars password 8 characters long: §Zg71kö5
Time to break your account with an alphanumeric password 10 characters long: Tn5%w-9Uo2
Are you updating your secure password every 2 weeks?
Time to break your account with an alphanumeric password 7 characters long: 8Dhr2Pz
http://content.time.com/time/interactive/0,31813,2048601,00.html

Passwords today
Our passwords are not securely stored
http://www.inquisitr.com/2385536/225k-iphones-hacked-passwords-stolen-by-malware/
http://www.wired.co.uk/news/archive/2015-11/25/mr-grey-hacker-controls-12-billion-stolen-logins
http://thehackernews.com/2015/09/ashley-madison-password-cracked.html
http://thehackernews.com/2015/10/free-web-hosting-hacking.html
http://www.cio-today.com/article/index.php?story_id=023000QNX0I2
http://www.scmagazine.com/patreons-hack-exposes-data-on-23-million-users/article/443518/
Examples of big data breaches from the press since Sept. 2015

2-Factor-Authentication
We secure e.g. banking transactions by adding a further factor
Something you know: Password
+
Something you have: mTAN / OTP, typically distributed to a separate device, e.g. smartphone
OTP transport: Xura globally transports your OTP to the end users’ mobile devices through our certified, highly secure platform with global reach and premium SLA options
OTP APIs: Xura provides easy to integrate APIs to generate and verify OTPs to secure e.g. your consumer based processes
OTP software: Xura technology comes integrated with turn key strong authentication by SMS Passcode to secure your internal systems

Passcodes tomorrow
Think smarter – next-gen multifactor authentication
Something you know: Password
+
Something you have: mTAN / OTP
while mobile attack scenarios are coming up to weaken the 2nd factor (e.g. by malware, SIM swap, HLR spoofing, etc.)
for internal systems many enterprises still trust in pure password authentication
Xura and SMS Passcode raise security by adaptive multifactor authentication
Something you have: Hardened mobile device
+
Added context relation: Check of additional factors
+
Something you have: PASSCODE
Something you are: Biometrics

trustego hardened mobile devices

trustego technology by Xura enables secure mobile IP messaging
trustego is one of the most secure systems to receive mobile messages and PIN/mTAN codes on a smartphone or tablet today
Global coverage via IP access (GSM + WLAN) and SMS fallback
Highest security standards, TÜV i-sec certified
Branded, rich-media msgs with secure attachments and read receipt
Option of interactive click-based processes with highest usability
Available as trustego app, dedicated app solutions or trustego SDK
Binds messages to the user's mobile identity (MSISDN) and device
Secured message transfer and storage

trustego advanced message design
Secure Inbox and Archive (+ optional PIN Code Secure App)
Dynamic Sender & Automated sender branding (colour + logo)
Support for overlong text and HTML format
Transportation of Rich Media elements, links and secure attachments (e.g. images or pdfs)
Limited Validity of message and action (optionally)
Secure click-based interaction over encrypted channel (optionally)

trustego cutting edge mobile security
Messages are delivered via a geo-redundant and regularly audited platform in ISO/IEC 27001 certified colocations, reaching users anywhere and any time, in under 1 second.
Server side security with fraud detection.
Signed and encrypted message transfer.
Secure and encrypted local storage.
No attackable local algorithm for TAN / Token generation on the mobile device.
HTTP/S w. client certificate
Highest supported encryption
iOS key chain and own Android key chain
code obfuscation and anti-reverse-engineering
Steganography
Jailbreak and Root detection
PIN lock
Message timeout
Message archive
Security updates
version check
HTTP POST / Header
One click authentication with encrypted backchannel
push notification
verifiable read receipt
theft lock

Context adapted multifactor security

Your contacts
Markus Behr
Director Professional Services
Acision Secure Communications GmbH
a Xura company
Phone: +49 (0) 89 20 17 27 64
Mobile: +49 (0) 172 8389 564
E-Mail: [email protected]
Lars Gotlieb
Regional Manager DACH
SMS PASSCODE A/S
Phone: +49 (0) 89 99216 407
Mobile: +49 (0) 175 9572 602
E-Mail: [email protected]
Achieving Customer Success
2000+ customers
800k+ users
99% customer satisfaction

Passcodes tomorrow
Think smarter – next-gen multifactor authentication
Another example: Password +
Something you have: PASSCODE
Something you are: Biometrics
Smartphone based face and voice recognition
Launch the App
Look at the camera
Read the passphrase
Prove who you are: Video legitimation
Video and audio based identification through Smartphone or Browser
PASSPORT