2018 12-07 tokyo-seminar Brett McDowell
•
0 recomendaciones•200 vistas
TOKYO Seminar 2018 Executive Director Brett McDowell
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a 2018 12-07 tokyo-seminar Brett McDowell
Similar a 2018 12-07 tokyo-seminar Brett McDowell (20)
Más de FIDO Alliance
Más de FIDO Alliance (20)
Último
Último (20)
2018 12-07 tokyo-seminar Brett McDowell
- 1. All Rights Reserved | FIDO Alliance | Copyright 20171 TOKYO SEMINAR, DECEMBER 2018 FIDO Alliance VISION and UPDATES BRETT MCDOWELL EXECUTIVE DIRECTOR
- 2. All Rights Reserved | FIDO Alliance | Copyright 20182 Data breaches in 2016 that involved weak, default, or stolen passwords (VDBR) 81% Phishing attacks were successful in 2016 (VDBR) Breaches in 2017, a 45% increase over 2016 (ITRC) 1 IN 14 1,579 Annual cost to a large organization for password resets (Forrester) $1M/YR Of helpdesk calls are for password resets (at $70/reset) Password-driven cart abandonment rate (Visa) 20-50% 49% MEASURING THE COST OF PASSWORDS
- 3. All Rights Reserved | FIDO Alliance | Copyright 20183 FIDO Alliance is the global industry collaboration dedicated to solving the password problem …with no dependency on “shared secrets”
- 4. Open Standards Public Key Cryptography Single Gesture Phishing Resistant MFA All Rights Reserved | FIDO Alliance | Copyright 20184 SECURITY USABILITY Poor Easy WeakStrong
- 5. All Rights Reserved | FIDO Alliance | Copyright 20185 OLD AUTHENTICATION WITH PASSWORDS DeviceSomething Authentication Internet Password could be stolen from the server 1Password might be entered into untrusted App / Web- site (“phishing”) 2 Too many passwords to remember (>re-use / cart Abandonment) 3 Inconvenient to type password on phone 4
- 6. All Rights Reserved | FIDO Alliance | Copyright 20186 NEW AUTHENTICATION WITH FIDO AuthenticatorUser verification FIDO Authentication Require user gesture before private key can be used Challenge (Signed) Response Private key (handle) per account Public key No secrets stored on the server 1 Authenticator cannot be “tricked” by phishing 2 Nothing to remember, no friction added to transaction process 3 Single gesture convenience for User 4
- 7. All Rights Reserved | FIDO Alliance | Copyright 20187 FIDO SPECIFICATIONS (2014 – 2018) Passwordless Experience (UAF & FIDO2) Authenticated Online 3 Biometric User Verification* 21 ? Authentication Challenge Authenticated Online 3 Second Factor Challenge Insert Security Key* / Press Button Second Factor Experience (U2F & FIDO2) *There are other types of authenticators 21
- 8. All Rights Reserved | FIDO Alliance | Copyright 20188 WHO IS USING FIDO TODAY? (Sample of deployments in production around the world)
- 9. All Rights Reserved | FIDO Alliance | Copyright 20189 BACKED BY CERTIFICATION (>500) • Functional Certification (End-to-End): • Conformance Testing • Interoperability Testing • Authenticator Security Certification Levels • How well do you protect the private key? • 3rd-party laboratory verification • Complimented by new Biometric Component certification • Universal Server: • Ensures compatibility with all FIDO Certified Authenticators
- 10. All Rights Reserved | FIDO Alliance | Copyright 201810 WHAT’S NEW?
- 11. *NEW* FIDO IS NOW AN ITU STANDARD All Rights Reserved | FIDO Alliance | Copyright 201811 x.1277 -- ITU ratification of FIDO UAF x.1278 -- ITU ratification of FIDO2 CTAP (includes CTAP1/U2F)
- 12. 12 *NEW* FIDO2 CERTIFICATIONS • The first 20+ FIDO2 Certified products were introduced September 26 • This week the latest FIDO2 Certified products were announced, including offerings from these companies based in Japan: All Rights Reserved | FIDO Alliance | Copyright 2018
- 13. All Rights Reserved | FIDO Alliance | Copyright 201813 *NEW* FIDO IS A W3C SPECIFICATION (CR) FIDO2 (CTAP & W3C Web Authentication)
- 14. All Rights Reserved | FIDO Alliance | Copyright 201814 *NEW* FIDO NOW IN THE WEB BROWSER & OS
- 15. All Rights Reserved | FIDO Alliance | Copyright 201815 *NEW* WELCOME YAHOO! JAPAN TO THE BOARD FIDO Board Level Leadership from Japan 2015.5~ 2017.5~Today
- 16. All Rights Reserved | FIDO Alliance | Copyright 201816 FIDO ALLIANCE BOARD MEMBERS BALANCE OF TECHNOLOGY & SERVICE COMPANIES Yahoo! Japan has become a Board member
- 17. All Rights Reserved | FIDO Alliance | Copyright 201817 IN SUMMARY… SECURE BY DESIGN Based on public key cryptography No server-side shared secrets Keys stay on device No 3rd party in the protocol Biometrics, if used, never leave device No link-ability between services or accounts
- 18. 18 IN SUMMARY… SECURE IN PRACTICE All Rights Reserved | FIDO Alliance | Copyright 2018 85,000 employees over 18 months No ATO’s from phishing since using FIDO
- 19. All Rights Reserved | FIDO Alliance | Copyright 201819 Internet Day 2018: “If I could start over again I would have introduced a lot more strong authentication and cryptography into the system. It is good to see new internet standards from FIDO Alliance and W3C filling that gap.” -- Vint Cerf, Co-Inventor of the Internet
- 20. All Rights Reserved | FIDO Alliance | Copyright 201820 THANK YOU WWW.FIDOALLIANCE.ORG