Mobile Multifactor Authentication
User Login Security
How To Make Mobile Apps Secure

            Company Confidential Information
Poor Authentication on the Web
Website and mobile logins are the most vulnerable areas of IT security


• 96% of all breached records were accessed from outside, often by using
  stolen login credentials or keyloggers that capture passwords

• Passwords are poor security:
    • People have too many to remember, choose weak passwords, and reuse
      the same password on multiple sites
    • Vulnerable to keyloggers, brute-force attacks, dictionary attacks, etc.
    • Login credentials leaked from one site are used to access other sites
• Challenge questions are poor security
• Tokens, smart cards and biometrics are expensive and not practical for
  public-facing websites

How to Balance Security & Usability
The need for strong security that is easy to use

• Businesses sacrifice security in an effort to create a “frictionless”
  experience for online customers.

• This leads to online fraud and identity theft ($221 billion in fraud
  last year alone!), data breaches and other security compromises.

• Businesses struggle to enforce strong authentication without
  burdening customers.

These issues are compounding as people do more online interactions
using mobile devices.

Image-Based Authentication
Image-based authentication that creates a one-time password

1. The first time a user registers with a website or application they
   select a few categories to remember

2. Each time authentication is needed, they are presented with a grid
   of random images

3. The user identifies the images that fit their categories and enters
   the corresponding letters as their one-time password or PIN


Why Images Are Better
Easy to remember

o The human brain is better at remembering categories and images than
  strings of random alphanumeric characters and symbols.
o An independent study showed users were able to remember their image
  passwords with 100% success after 16 weeks; only 40% of users remembered
  their text passwords.
o Creates a one-time password with every authentication, versus a static
  alphanumeric password or site-key image

Guided Recall
• When the user sees the image grid, the pictures help trigger their
  memory of which categories they chose.

Device-independent UI
• Deploys on multiple devices: PCs, tablets and smartphones
• Very easy to use – click/tap

Simple and Secure
Image based Multifactor Authentication




Setup: User Selects 3 Categories
Images = Multifactor Authentication




After Account is Setup: During User Login
Categories and Associated Images are displayed for selection




User Selects Correct Images and Access to Application is Granted

Secure User Access to Data

Business Uses
• Logins
  - Replace passwords
  - Strengthen weak passwords
• Password reset
• Anti-phishing
• Replace challenge questions


Two Factor, Mobile Authentication

• Most solutions send a one-time password as a text message.

  - If the phone is lost or stolen, any person can read the text and
    authenticate a fraudulent transaction.

• Multifactor authentication is more secure because it requires the user
  to authenticate on the phone by identifying their secret categories.

• This is an additional security and process layer that ensures user
  authentication and access to applications and data.

KillSwitch Capability

• In addition to choosing their secret categories for authentication,
  the user may choose one or more “No Pass” categories

• Sends automatic alerts or locks the account if someone attempts to
  break in and taps one of the “Kill Switch” categories

• A tripwire against brute-force attacks: it cuts off guessing early
  and can identify the IP addresses that are attempting brute-force
  attacks and hacking


EXAMPLES

The pictures above represent examples of potential cross messaging. Wells Fargo
has not yet implemented this solution. Logos, messages and images are flexible
and can be customer defined.
Image Based Security Statistics

Security Level | 1: Safety Probability
(table; only the column headers survive)

Highlighted Example:
For a 4x4 grid requiring 3 images the probability of breaking or guessing is
1:3,360, which provides a security level of 99.97023810%.
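The 1:3,360 figure worked out, as an added derivation that is not part of the original slides. The number matches an ordered choice of 3 distinct letters from the 16 cells, so the assumption that the check is order-sensitive is mine, inferred from the figure:

$$
P(16,3) = 16 \cdot 15 \cdot 14 = 3360, \qquad
1 - \frac{1}{3360} = 0.9997023810 = 99.97023810\%
$$

If the check accepted the three letters in any order the space would only be $\binom{16}{3} = 560$. Both figures are for a single guess: an attacker allowed $k$ distinct guesses against the same grid succeeds with probability $k/3360$, and against a fresh grid on every attempt with probability $1 - (1 - 1/3360)^k$, about 14% after 500 tries. A “No Pass” category changes that picture: with one such category on the grid, a random 3-letter guess taps it with probability $1 - \binom{15}{3}/\binom{16}{3} = 3/16$, so a random guesser trips the kill switch after $16/3 \approx 5.3$ attempts on average, long before the PIN space is exhausted.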

Multifactor Image-Based Authentication adds to the security of your website
and mobile application
How To Make Mobile Apps Secure

Thank You

Contact Information

Lee Mercado
Director, Technology Sales / HELM360
Phone: (858) 208-4140 | Cell: (603) 418-4584
13475 Danielson St, Suite 220 | Poway CA 92064
lee.mercado@helm360.com | www.helm360.com


Editor's Notes

  1. Image-based authentication from Confident Technologies is both highly secure and easy to use. It creates one-time passwords or PINs each time authentication is needed, yet it is easy and intuitive to use.
  2. When a user sees the ImageShield they recall the need to select their secret categories. A blank field for alphanumeric entry provides no help or recall in the process. Sources: “Awase-E: photo-based user authentication system” by H. Koike, T. Takada and T. Onuki; “Déjà Vu: a user study using images for authentication” by R. Dhamija and A. Perrig.
  3. The mobile phone is often used as a second authentication factor during highly sensitive online transactions. However, most solutions send the user a one-time password or PIN as a text message. If someone else is in possession of the phone, or using SMS-forwarding technology (also known as a Zeus-in-the-mobile attack), they can easily read the text and authenticate their own fraudulent transactions. Confident Multifactor Authentication is more secure because it requires the user to apply a piece of secret knowledge on the second factor device itself. This makes it a multi-layer, multifactor solution. The user simply taps the images that fit their secret categories on the smartphone. The entire authentication process remains completely out-of-band and the one-time password or PIN is essentially “hidden in plain sight.” Even if someone else gained physical or virtual possession of your phone, they would not be able to authenticate because they would not know the correct images to identify.