The search for a secure way to authenticate users’ identities to use systems is seemingly unending. Passwords appear to be cheap, but password management can be expensive and passwords have well-known risks that are still ignored. Risk-based authentication, where the authentication mechanism is dynamically chosen based on the level of risk, has been widely promoted but involves extra costs and complexities. The increasing use of cloud, social and mobile adds extra risks and difficulties. This block of sessions will provide an update and advice on this complex area.
Continuing Education Credits
Advance Preparation: None
Learning Level: Intermediate
Field: Computer Science
After attending this block of sessions you will be able to:
- Describe what is new on the authentication scene and how this can help your organization face the challenges of cloud, mobile and social computing.
- Explain how we can use the latest advances in pattern and image recognition, for example, to ensure that a secret remains a secret during the authentication process.
- Describe the latest work on authentication standards and mechanisms from the FIDO (Fast IDentity Online) alliance.
This block qualifies for up to 2 Group Learning based CPEs depending on the number of sessions you attend.
Authentication Trends – will Wearables take us _BAC to the Future?
In the seemingly unending search to find the next generation of devices and methods to replace passwords as authentication mechanisms, the various forms of x-Based Access Control (Rules, Roles, Attributes, Context, etc.), which had been projected by one pundit or another to be the “killer app” for secure access, may be getting a run for their money from wearable, biometrics-based, token-issuing devices. Join us to find out what’s new and what we recommend for today’s connected agile business.
Do We Need To Put Secrecy Back In To Security? The Reinvention of Authentication
In this discussion we will all work together to re-invent authentication.
Why? Because the industry has been adding more and more layers of complexity to the authentication process and, rather than making our environments more secure, it is having the opposite effect.
Utopia is an authentication process that is simple, memorable and secure, but the existing methods of identification used by the majority of organisations all lack at least one of these vital components.
So, with this in mind, what should be the basis of our brave new world? Passwords offer a simple way to authenticate, but with so many it is impossible to remember them all. So we use the same password for multiple resources and rarely, if ever, change them, thus compromising their security. What is more, whilst password security is relatively low-cost to implement, the cost of managing password resets can be expensive, with one financial services business reporting an annual cost of £331,200.
What about hard-tokens? After all, millions of pounds have been invested in them by vendors and end-users over the years, and the mighty Google has recently been touting the future of the universal hard-token. Yes, these deliver a higher standard of security than a PIN or password, but they are cost-prohibitive for the majority of organisations and they are far from simple, especially for the user who will inevitably need to log on when they don’t have the device to hand.
The fundamental problem with the vast majority of authentication methods being used today is that they ask you to keep a secret, but each time you want to log on you need to give it away, which means it is no longer a secret! What is more, the company stores these secrets, and if they are lost or stolen, as in the recent Adobe incident, the repercussions can be lasting and severe.
So, if we are going to re-invent authentication here today we are going to need to use our brains, and I mean literally. We need to look at authentication with fresh eyes. How can we use the latest advances in pattern and image recognition, for example, to ensure that a secret remains a secret during the authentication process?