The password is currently the most common way to identify a user. It does not, however, provide the level of security required to protect sensitive information.
Adding a new identification factor solves this problem. But which factors, where, and when should you use them? In this session we'll cover the concepts of strong authentication and the introduction of alternative free or low-cost second-factor identification.
2. ABOUT ME
PHILIPPE GAMACHE
HI I’M PHILIPPE
I’m a Developer Evangelist for kuzzle.io. Long-time internet developer, author, screencaster, podcaster and speaker. I specialize in PHP, Symfony, Kuzzle, security, code quality, performance, real time and geolocation.
• Sécurité PHP 5 et MySQL 5
• OWASP Montreal
• PHP Quebec
• Table Top Game Developer
• Pen & Paper RPG Writer
6. AGENDA
• Authentication vs Authorization
• Authentication's Problems
• The solutions
• Strong Authentication
• Solutions for all budgets
7. AUTHENTICATION VS AUTHORIZATION
• Authentication
• Procedure that verifies the identity of an entity (person, computer ...) to allow access to resources (systems, networks, applications ...)
• Authorization
• Procedure that allows access to resources only to those authorized to use them.
9. • People use easy-to-guess passwords
• Easily give their passwords to strangers
  • without reason
    • 45% of women [1]
    • 10% of men [1]
  • For a chocolate bar
    • 64% of people [1]
• 21% have a password that is 10+ years old [2]
• 47% have a password that is 5+ years old [2]
• 73% use duplicate passwords [2]
• 54% have 5 or fewer passwords across their entire life [2]
• On average, only 6 unique passwords are used to guard 24 online accounts [2]
BROKEN PASSWORD
THE HUMAN FACTOR
[1] Infosec Europe Conference 2008
[2] TeleSign Customer Account Security Report 2015
10. – Chris Nickerson - Exotic Liability #37
“In the middle of talking to him, he gives me his online banking username and password.”
21. STRONG AUTHENTICATION
• A method of computer access control;
• The user is granted access only after successfully presenting several separate pieces of evidence.
MULTI-FACTOR AUTHENTICATION