User Authentication on Mobile Devices Google Two Factor Authentication OTP (One Time Password)


What is Two Factor Authentication
Most of us use a single factor (password), typically 8 characters and easy to remember.
Your password can be compromised by:
- Social engineering
- Intrusion in the host
- It's written down somewhere
- Brute force hacking
- Phishing scheme
Two factor provides a second key (password), previously using a "fob" or a smart card.
Google has now implemented OTP, a 6 digit second factor, using mobile phones: SMS, voice message or generated by your phone (Android, BlackBerry or iPhone).

What Google Two Factor looks like
Google has a check box to remember your location/s for 30 days.
Either SMS or voice messaging 6 digit factor delivery.

Is Google Two Factor right for you
Pros
- Simple to use
- Backup phone if primary fails, is lost or stolen
- Allows users to roam to different systems/locations
- 10 emergency backup codes
- Automatic setup via QR code
- Support for multiple accounts
- Time and counter based code generation: RFC 4226, 3548 (Seek for Android information, Home)
Cons
- Susceptible to man-in-the-middle and man-in-the-browser attacks
- Sys Admin overhead
- 10 emergency backup codes
- Application-specific passwords are required for applications requiring a separate login
- Can't be presently used with Google SSO enabled
- Root access can overcome the JavaCard security mechanism
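The counter based (RFC 4226) and time based code generation listed above, as an added example that is not part of the original slides or Google's code. The 30 second step, the look-ahead window of 3 and the function names are assumptions; the sample secret is the published RFC 4226 test key, in base32 form.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time based variant (RFC 6238): counter = whole steps since the epoch."""
    return hotp(secret, int(now) // step, digits)


def decode_secret(b32: str) -> bytes:
    """Decode a base32 (RFC 3548) secret as typed or scanned from a QR code."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def verify_hotp(secret, submitted, server_counter, look_ahead=3):
    """Return the next server counter if the code is valid, else None.

    Moving the counter past the accepted value makes every code single use;
    compare_digest avoids leaking how many digits matched.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c + 1
    return None


if __name__ == "__main__":
    # Constructed sample: the RFC 4226 test key, base32 encoded.
    key = decode_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    print("HOTP counter 0:", hotp(key, 0))
    print("TOTP now      :", totp(key, time.time()))
    print("verify, replay:", verify_hotp(key, hotp(key, 2), 0),
          verify_hotp(key, hotp(key, 2), 3))
```

A valid code only proves possession of the secret at that moment: a code relayed in real time through a phishing page still verifies, which is the man-in-the-middle weakness listed under Cons.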

Two Factor Failures
There haven't been reports of the actual two-factor algorithms or protocol hacked.
Reports I'm aware of have made use of social engineering and/or password recovery processes.
The question is "will cell phone users implement two-factor authentication", or is there an alternative?
Bio-metrics, retina scan, finger print scan, facial recognition, Bio-impedance, etc.
Why have users failed to adopt any of the security methods?

References
- RFC 4226, HOTP: An HMAC-Based One-Time Password Algorithm
- Seek for Android information: Secure Element Evaluation Kit for the Android platform
- 2-Step Authentication for Google Administrators
- An example of the RSA SecurID Fob, model RSA SID

App Stores Security
What you download may be compromised!

State of the App Market
- Apple and Google control 80% of the App Market
- By the end of 2013 an estimated 50 Billion downloads
- There are over 1 million different Apps
The summary doesn't consider Amazon and Barnes & Noble. Corporate sites offering downloads for their flavor of Apps, Developers in all sizes, and Apps Distributors.
We have a chaotic marketplace depending on the participants' "best efforts" to ensure the end user's privacy and security, as well as that of others (Companies who employ them, even ones they visit and use WiFi service).

What are the areas of concern?
- How trustworthy is the App Store?
- How trustworthy is the Developer?
- Can the user report issues found in the App? Who should get the report?
- Does the App use more permissions than needed?
- Does the App make connections to the Internet?
- Does the user need anti-virus, malware, etc.?
- Will this be an issue with BYOD?

BYOD
Bring Your Own Device

Corporate Attitudes, Issues & Policies
- IT management is presently split regarding BYOD. A bit more than half allow employees to use their own devices.
- Given the recession, IT budgets have been very tight, so it's an opportunity to avoid spending?
- The Operating Systems and CPUs are different than PCs; does this provide a measure of protection?
- How can employees connect to the Company IT services: WiFi, Ethernet (Netbooks, Pads) and Smart Phone as a USB thumb drive?
- Do many companies have any policies regarding acceptable sources of Apps? A black list of Apps? A policy on connecting to the IT infrastructure?