two factor authentication

© 2014 SecurEnvoy Revolutionising 2FA to enhance the user experience Andy Kemshall – Co Founder 01/01/14 Company logo

Upload: ricardo-resnik

Post on 28-Nov-2014


Page 1: Two factor Authentication

© 2014 SecurEnvoy

Revolutionising 2FA to enhance the user experience

Andy Kemshall – Co Founder
01/01/14

Company logo

Page 2: Two factor Authentication

Ideal Solution

To Allow Secure Remote Access with 2FA
• Anywhere, Anytime, on Any device
• Strong security
• Consistent Simple User eXperience
• Cost Effective

iPad Smart Phone Home PC Business Lounge

AAA

Secure

UX

ROI

Page 3: Two factor Authentication

2FA Token Types

• Hard Tokens
• Certificates
• Push
• Adaptive Authentication
• Real Time SMS
• Preload SMS
• Soft Tokens Apps
• One Swipe

Page 4: Two factor Authentication

Hard Token

• Hardware Tokens
– Require distribution, synchronizing
– 30 year old technology
– Seed records known to vendors / governments

• Smart Cards
– Needs a reader and local driver software
– Require distribution, certificate management

• USB Sticks
– Local driver software
– Require distribution, certificate management

• User must carry the token

AAA Secure UX ROI

Page 5: Two factor Authentication

Certificates

• Enrolment authentication
• Only authenticate on this device
• Leaving identity everywhere

• What happens when?
– Cert Expires every year
– CA Expires every 5 years
– Device is upgraded or sold

X

AAA Sec UX ROI

Page 6: Two factor Authentication

One Identity is the Solution

SMS

Pre-Load On-Demand 3 Codes Periodic

Phone or Tablet App

Laptop

• One Soft Token Identity
• Self Service “Manage My Token” portal
• Change many times @ no additional cost

Page 7: Two factor Authentication

Push Technologies

• Requires GSM DATA
• No unique Passcode
• Push sent to all devices
• No session locking
– Shoulder surfer connects just before?

AAA Sec UX ROI

Page 8: Two factor Authentication

Adaptive Authentication

Bob - Logs in from coffee shop: No Passcode Prompt

Bob - Logs in from home: No Passcode Prompted

Bob - Logs in from USA: Passcode Prompted

Bob - Logs in from airport: Passcode Prompt

AAA UX ROI

NOT a consistent user experience

Page 9: Two factor Authentication

The Problem
• SMS delivery delays
– Expect around 4% of SMS messages to take longer than 1 minute
– SLAs on delivery DON’T cover sending to the user’s phone
• Signal dead spots
– buildings with wide outer walls
– underground basements
– computer rooms
• Phone is used to connect to the internet
– Some phones can’t receive SMS when a data connection is active

“96% of texts are delivered within 10 seconds” source Vodafone

Real Time SMS

UserID & Pin SMS Sent to Phone

AAA Secure UX ROI

Page 10: Two factor Authentication

Something You Know

Something You Own

Andyk

P0stcode

956324

Next Required Passcode Sent To Phone (overwrites previous message)

Passcode 769310

Pre-Loaded SMS

AAA Secure UX ROI
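
The pre-load flow on this slide, as an added Python example (not SecurEnvoy's code): a passcode is already on the phone at login, and a successful login both retires it and sends its successor, so SMS delivery time is off the login path and a replayed passcode fails. The class and function names, the lockout threshold, the PIN hashing and the in-memory stand-in for the SMS gateway are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold, not from the slides

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class PreloadAuthenticator:
    """Pre-loaded SMS: the next passcode is delivered before it is needed."""

    def __init__(self, send_sms):
        self._send = send_sms  # callable(phone, text), stands in for the SMS gateway
        self._users = {}

    def enrol(self, user_id: str, pin: str, phone: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user_id] = {"salt": salt, "pin": _pin_hash(pin, salt),
                                "phone": phone, "code": None, "failures": 0}
        self._preload(user_id)

    def _preload(self, user_id: str) -> None:
        user = self._users[user_id]
        code = user["code"]
        while code == user["code"]:  # never reissue the passcode just used
            code = f"{secrets.randbelow(10**6):06d}"
        user["code"] = code
        self._send(user["phone"], f"Passcode {code}")

    def login(self, user_id: str, pin: str, passcode: str) -> bool:
        user = self._users.get(user_id)
        if user is None or user["failures"] >= MAX_FAILURES:
            return False
        pin_ok = hmac.compare_digest(_pin_hash(pin, user["salt"]), user["pin"])
        code_ok = hmac.compare_digest(passcode.encode(), user["code"].encode())
        if not (pin_ok and code_ok):
            user["failures"] += 1
            return False
        user["failures"] = 0
        self._preload(user_id)  # the used passcode is dead; its successor is sent now
        return True

def demo():
    outbox = []  # constructed stand-in for the user's handset
    auth = PreloadAuthenticator(lambda phone, text: outbox.append(text))
    auth.enrol("Andyk", "P0stcode", "+440000000000")  # phone number is constructed
    first = outbox[-1].split()[-1]
    replay = [auth.login("Andyk", "P0stcode", first), auth.login("Andyk", "P0stcode", first)]
    return replay, len(outbox)
```

Failed attempts do not trigger a new SMS here, so a wrong guess cannot be used to flood the handset; they count toward the lockout instead.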

Page 11: Two factor Authentication

SMS Gateway Delivery

Wrong Approach
• Limited SMS gateway options
• Tied to one provider
– Be wary of hidden costs
– International coverage

Correct Approach
• Multiple SMS gateway options
– Intelligent routing
– Redundant failover
– Multiple methods – competitive SMS providers bring lower costs

Telco

SMS Provider

Page 12: Two factor Authentication

Soft Token App

Page 13: Two factor Authentication

SEED Security

Page 14: Two factor Authentication

Seed 1st Part

QRCode Scan

8 Digit Code

Fingerprint of Phone

Seed 2nd Part

2nd Seed Part is recreated each time a passcode is created

Random 1st Seed Part Created Locally
Seeds are NOT stored by SecurEnvoy
AES 256 Bit Encrypted

SEED Security
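
The split-seed idea on this slide, as an added Python example (not SecurEnvoy's code): a stored first part is combined with a second part recomputed from a device fingerprint, so the stored part copied to another device yields a different seed. The HMAC combiner, the use of RFC 6238 TOTP, the fingerprint strings and the server holding the combined seed are assumptions; AES encryption of the stored part at rest is left out.

```python
import hashlib
import hmac
import struct

def device_part(fingerprint: str) -> bytes:
    """Second seed part: recomputed from the device on every use, never stored."""
    return hashlib.sha256(fingerprint.encode()).digest()

def combine(stored_part: bytes, fingerprint: str) -> bytes:
    """Assumed combiner: HMAC-SHA256 keyed with the stored first part."""
    return hmac.new(stored_part, device_part(fingerprint), hashlib.sha256).digest()

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(server_seed: bytes, submitted: str, unix_time: int) -> bool:
    """Server side: constant-time comparison against the expected passcode."""
    return hmac.compare_digest(totp(server_seed, unix_time).encode(), submitted.encode())

def demo() -> dict:
    # Constructed values: a fixed first part (random in practice) and two fingerprints.
    stored = hashlib.sha256(b"constructed first seed part").digest()
    enrolled = "model=A;serial=0001"
    other = "model=A;serial=0002"
    now = 1_400_000_000
    server_seed = combine(stored, enrolled)  # established at enrolment
    return {
        "enrolled_device_accepted": verify(server_seed, totp(combine(stored, enrolled), now), now),
        "seed_differs_on_other_device": combine(stored, other) != server_seed,
    }

if __name__ == "__main__":
    print(demo())
```

The binding is only as strong as the fingerprint: attributes that another device can read or reproduce add little, which is the point to check when evaluating any scheme of this kind.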

Page 15: Two factor Authentication

iPhone 4 iPhone 5

No Additional Cost To upgrade to a new phone

Old Seed Deleted From Server

New Seed Created

Soft Token - Upgrade Phone

AAA Secure UX ROI

Page 16: Two factor Authentication

What does the user want?

This?

AQ4£DhdboieBu7&6tgy)997h15!s57up!d

Or this?

This?

Page 17: Two factor Authentication

One Swipe Via QRCode

Scan QRCode From Phone
Enter Pin

One Time QRCode

• No Phone Signal or Data Connection Required
• Automatic Time Sync to +/- 13 Hours GMT (any time zone)

Page 18: Two factor Authentication

Off-line or behind a firewall

One Swipe

Don’t need to enter UserID
Don’t need to enter passcode
Don’t need to re-enter passcode

JUST PIN & SWIPE

No Signal

VPN Login Templates
Isolated

Page 19: Two factor Authentication

One Swipe Future Road Map

Enter Pin

AAA Secure UX ROI

Page 20: Two factor Authentication

2FA Token Types, Talk To Us @ Stand H10

• Hard Tokens
• Certificates
• Push
• Adaptive
• RealTime SMS
• Pre Load SMS
• Soft Token
• One Swipe

AAA Sec UX ROI

AAA Sec UX ROI

AAA UX ROI

AAA Secure UX ROI

AAA Secure UX ROI

AAA Secure UX ROI

AAA Secure UX ROI

AAA Secure UX ROI

Page 21: Two factor Authentication

See us on Stand H10