PayPal™
Michael Barrett, CISM, CISSP
Chief Information Security Officer
Voice Biometrics Conference
May 8, 2013
Opportunity for Better Authentication is Upon Us
Passwords Just Do Not Work…
For Users
Painful to Use
•  25 Accounts
•  8 Logins / Day
•  6.5 Passwords
For Organizations
Difficult to Secure
•  $5.5M / Data Breach
•  $15M / PWD Reset
•  $60+ / Token
For the Ecosystem
Impossible to Scale
•  Fragmented
•  Inflexible
•  Slow to Adopt
Experiences with Identity and Authentication
Common experiences related to authentication failure (respondents who say it happened to them one or more times over the past 2 years)
Users are frustrated - password complexity requirements working against them instead of supporting them
Security is not a Continuum…
[Quadrant chart: vertical axis Security (Low to High), horizontal axis Usability (Low to High); quadrants labelled JUST EASY, SECURE & EASY, JUST BAD, UNPLEASANT]
Do You Really Want Your Refrigerator to Know Your PayPal Password?
Newer Technologies Exist
Increasing Options
[Chart: Authentication Vendors, 2006 to 2012; vertical axis 0 to 120]
Authentication Standards Combined with Advances in Biometrics Provide a New Path Forward
How FIDO Works
[Diagram with numbered steps 1 to 6; labels: FIDO Authenticators, Website, Browser, FIDO Plugin, Device Specific Module, Validation Cache, secret, secrets refresh, Vendor Tokens, FIDO Repository]
The FIDO “User” Experience
•  User picks their own token type
•  User decides when/if to bind their token to their account
•  Existing tokens (like finger) can be used by downloading the FIDO plugin
•  User can download the plugin from various sites
•  User could have a PIN-protected USB drive to use while travelling
Voice Experience
Please say your passphrase to log into your account
Speak
Finger Experience
USB Experience
•  The Internet needs better authentication, now
•  Stronger authentication is not “better authentication”
•  An industry standards based approach is the only viable way forward
•  “Whether you believe you can do a thing, or not, you are right” (Henry Ford)
Michael Barrett, CISM, CISSP
Chief Information Security Officer
mbarrett@paypal.com
PayPal™
Thank You for Your Time!

Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication
