Chris Calderon – February 2016 MIS 534 Information Security Management.


* Problems with passwords
* Security risks
* Authentication methods
* The future - FIDO
* Questions/Comments
* “Anyone who’s ever clicked on a ‘forgot your password?’ on a website or in an app – read: every single one of us – thinks there’s gotta be a better way. There is.” (CIO.com – Aug 2015)

* Too many, too long
* Users don’t remember them
* Users lack faith in passwords
* Infrastructure to manage passwords
* “Only 30% of users are confident that their passwords will protect the security of their online accounts.” (Telesign Consumer Account Security Report – June 2015)
* Telesign Consumer Account Security Report – June 2015; N = 2,020; US & UK

* Weak passwords, lack of policies
* Using the same passwords on multiple accounts – Domino Effect
* Frequency of password changes
* Password sharing
* Shoulder surfing
* Password storage
* “You don't need mad hacking skills to crack Password1, Hello123 and password – 86% of hackers surveyed at Black Hat said they weren't worried about being busted at any rate.” (Network World.com – Aug 2014)
* Network World.com – Aug 2014
* Top 10 Corporate Environment Passwords

* ID & password authentication
* Biometric authentication devices & system
* Enterprise single sign-on (SSO)
* Public Key Infrastructure (PKI) and digital certificate
* Security Token and smart card
* 2FA & Multi-factor authentication
  * Knowledge, possession, inherent, location and time.
* “With the approach used by Google, Apple, and Microsoft, two-step verification combines the first two of these factors—something known only by the user, which is the account password, and something that only the user possesses, such as the smartphone or land line telephone.” (SecSign Technologies – Nov 2014)
* SecSign Technologies – Nov 2014; 2FA: two-factor authentication

* Fast Identity Online (FIDO) Alliance
  * non-profit founded in July 2012 and publicly announced in February 2013
* FIDO Members
  * Google, Samsung, Microsoft, Bank of America, Amex, MasterCard, Visa, etc.
* FIDO Protocol Standards
* “The FIDO method is more secure than current methods because no password or identifying information is sent out; instead, it is processed by software on the end user's device that calculates cryptographic strings to be sent to a login server.” (TechTarget.com – May 2014)
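
The challenge-response idea in the TechTarget quote, as an added example that is not part of the original slides and not the FIDO Alliance's own code: the device keeps a private key per site and signs a fresh server challenge, so the login server only ever stores a public key. The class names, the `bank.example` origins, and the use of Ed25519 are assumptions made for brevity; real FIDO messages carry more fields.

```javascript
// Added illustration (not from the slides): simplified FIDO-style login.
// All class/function names and origins are hypothetical.
const crypto = require('crypto');

class Authenticator {                         // software on the user's device
  constructor() { this.keys = new Map(); }    // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);        // private key never leaves the device
    return publicKey;                         // only the public key is sent out
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null;                    // no credential for this origin
    return crypto.sign(null, Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

class LoginServer {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);         // fresh random value per login attempt
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    const pub = this.users.get(user);
    this.pending.delete(user);                // single use: a captured response cannot be replayed
    if (!c || !pub || !signature) return false;
    return crypto.verify(null, Buffer.concat([Buffer.from(this.origin), c]), pub, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const server = new LoginServer('https://bank.example');
  server.enroll('alice', device.register('https://bank.example'));
  const sig = device.sign('https://bank.example', server.newChallenge('alice'));
  const ok = server.verify('alice', sig);     // genuine login
  const replay = server.verify('alice', sig); // challenge already consumed
  server.newChallenge('alice');
  const stale = server.verify('alice', sig);  // old signature against a new challenge
  const lookalike = device.sign('https://bank-login.example', server.newChallenge('alice'));
  return { ok, replay, stale, lookalikeSigned: lookalike !== null };
}
```

A stolen server database in this model yields only public keys, and a look-alike site receives no usable response because the device holds no key for that origin.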
