How Do We Remain Secure Online?

There were 157,525 security incidents reported in 2019. How secure are your login metrics?

The Complete Guide to Authentication Methods

Hackers attack every 39 seconds. How do we remain secure online?

Authentication & Online Security

- In 2018, 81% of security incidents were tied to stolen or weak passwords
- Breaches will only increase, until we change our approach to authentication
- In 2019: 157,525 security incidents and 3,950 confirmed data breaches

What Is Authentication & Why Is It Important?

Authentication:
- Verifies that an individual is who they claim to be
- Confirms that person should be granted access

When your user authentication isn’t secure, cybercriminals can bypass the system – taking whatever information they want.

In 2020, 15 billion stolen credentials were for sale on the dark web.

Authentication Methods: Security & Convenience

Passwords & Security Questions (security: Very Weak)
- Relies on a “shared secret” known to user and service provider
- Users responsible for protecting and remembering multiple passwords
- Answers to security questions are often readily available online

Out-of-Band Voice (security: Weak)
- Confirms identity by calling a registered phone number
- Voice calls are easily intercepted or redirected
- Requires user to have a second device and be available to answer call

Time-Based One-Time Passwords (security: Medium)
- One-time code sent through SMS, push notifications, or email
- Codes expire after a short period of time – enhancing security
- Vulnerable to SIM hijacking, malware, and notification flooding attacks

Biometrics (security: High)
- Hard to fake – though some tech has issues with false positives
- No password to remember and no extra steps for end-user
- Only secure if biometric data is stored locally and protected by TPM/Enclave

Multi-Factor Authentication (MFA) (security: Varies)
- Requires two or more authentication methods to login
- Most often combines a password and a one-time code
- Strength of security depends on the weakest factor used

The Problem with Legacy Multi-Factor Authentication

In July 2020, hackers took over the verified Twitter accounts – offering to double their value if people sent them bitcoin.

[Image: pinned tweet from Elon Musk (@elonmusk): “I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there! bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wih”]

Targets included:
- Joe Biden
- Jeff Bezos
- Barack Obama
- Elon Musk
- Michael Bloomberg
- Warren Buffett

Many of the compromised accounts used multi-factor authentication – but attackers were able to intercept the one-time codes.

More Factors Doesn’t Mean More Secure

Though widely used, two-factor authentication is easily spoofed:
- SMS authentication codes aren’t encrypted and can be easily intercepted
- Encrypted instant messaging apps may send to multiple devices at once

Biometrics can be highly effective, but, if the data is compromised, people can’t simply change their fingerprints or face – making it a high-value target for attack.

More Factors, More Problems

Multi-factor authentication creates headaches for users:
- Jumping between devices
- Remembering passwords
- Acting before one-time codes expire

Most approaches still rely on a shared secret – which can be compromised by the user or an attack on the server:
- Username & password
- Security questions
- One-time codes

Lack of usability is likely to erode compliance with password best-practices – further compromising security.

Asymmetric Cryptography

Asymmetric cryptography leveraged by certificates is already universally trusted. It is used in TLS/HTTPS to secure trillions of dollars of transactions daily.

Certificates: A Better Approach to Authentication

- End-user granted easy access without remembering a password or needing a second device for authentication
- Certificate-based authentication eliminates the need for passwords – reducing the chance of user-error, phishing attacks, or hacked password databases
- Utilizes multiple criteria to determine if an attempt is valid: user identity, device security posture, biometrics, IP address, and geolocation

“There is no doubt that over time, people are going to rely less and less on passwords” – Bill Gates, Co-founder of Microsoft

We can have immensely secure authentication that is also easier for everyone to use – eliminating passwords is a reality today.

Presented by: Beyond Identity
Developed by: NowSourcing
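The infographic's contrast between shared-secret methods and certificate-based authentication can be made concrete in code. The Go program below is an added example, not part of the infographic or of any Beyond Identity product: an HMAC challenge-response stands in for any shared-secret factor, a bare Ed25519 key pair stands in for the key behind a certificate (no certificate chain is modelled), and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// macResponse answers a login challenge under the shared-secret scheme.
func macResponse(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// Server-side checks: each one uses only the value the server stores.
func verifyShared(stored, challenge, resp []byte) bool {
	return hmac.Equal(macResponse(stored, challenge), resp)
}

func verifySigned(stored ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(stored, challenge, sig)
}

// breachOutcome reports whether the enrolled device passes, and whether a party
// holding only the server's stored values can answer a fresh challenge.
func breachOutcome() (deviceOK, sharedForged, keyPairForged bool) {
	challenge := random(32)
	devicePriv := ed25519.NewKeyFromSeed(random(32))     // never leaves the user's device
	otherPriv := ed25519.NewKeyFromSeed(random(32))      // any key except the enrolled one
	leakedSecret := random(32)                           // server copy of the shared secret
	leakedPub := devicePriv.Public().(ed25519.PublicKey) // server copy of the public key
	deviceOK = verifySigned(leakedPub, challenge, ed25519.Sign(devicePriv, challenge))
	sharedForged = verifyShared(leakedSecret, challenge, macResponse(leakedSecret, challenge))
	keyPairForged = verifySigned(leakedPub, challenge, ed25519.Sign(otherPriv, challenge))
	return
}

func main() { fmt.Println(breachOutcome()) }
```

The server's copy of a shared secret is itself a working credential, while its copy of a public key can only verify, which is why a stolen credential database matters so much less in the key-pair scheme.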

