
Upload: coleen-bradley

Post on 31-Dec-2015


Copyright © 2014 Synaptics Incorporated. All Rights Reserved. This information and any related goods and services are provided “as is.” Synaptics makes no representations or warranties, expressed or implied. Synaptics providing you information, goods or services does not, by itself, create any express or implied license under any patent, trade mark, trade secret, copyright, mask work right, or any other intellectual property right.


"Are we ready to move beyond passwords?"

3/19/2014


Landscape or Landslide?


Passwords

Too many to remember, difficult to type, and not secure

REUSED PHISHED KEYLOGGED


Password and PIN: Harsh Reality

Source: XKCD


Out of 6M passwords compromised during recent hacks:

• Top 100: 41%
• Top 1,000: 91%
• Top 10,000: 99.98%

Source: xato.net

Source: Forrester 2012


Opportunity for Better Authentication is Upon Us

For Users: Painful to Use

• 25 Accounts
• 8 Logins / Day
• 6.5 Passwords*

For Organizations: Difficult to Secure

• $5.5M / Data Breach
• $15M / PWD Reset
• $60+ / Token

For the Ecosystem: Impossible to Scale

• Fragmented
• Inflexible
• Slow to Adopt

* Reality?: 2 to 3 passwords variation


Revenues & Risks = Money

Cart Abandonment

• Mobile: Each additional screen increases cart abandonment by 15%
• Average abandonment rate is 65.23%
• Amazon created the 1-click checkout to solve this issue
• Amazon’s trailing 12-month revenue is $51.4B*
• Projected for mobile is $4B+
• No-show: Losing 15% of just mobile business would be $600M
• PayPal/eBay: $40B Mobile**; no-show TPV: $6B

Password Breach Cost Analysis:

• Merchants – $100bn - $250bn in fraud losses
• Financial Institutions – $12bn - $15bn in direct losses
• Indirect costs of victimized users are higher yet

Source: *Yahoo Finance, **eBay Analyst Day report

Source: Forrester 2012


One Time Codes

Improves security but not easy enough

SMS USABILITY: Coverage | Delay | Cost

DEVICE USABILITY: One per site | Fragile

USER EXPERIENCE: User confusion

STILL PHISHABLE: Known attacks today


Megatrend: Simpler, Stronger Local Device Auth

PERSONAL DEVICES
Carry Personal Data

LOCAL LOCKING
Pins & Patterns today

NEW WAVE: CONVENIENT SECURITY
Simpler, Stronger local auth


Digital Persona

Digital Services

Shared Access / SSO?

Consumer Presence Validation

Access Points


So, what to do about it?


Clarifying Authentication

Source: NOK NOK LABS

Physical-to-digital identity

User Management

Authentication

Federation

Single Sign-On

IAS Authentication

Passwords | Risk-Based | Strong

MODERN AUTHENTICATION


Natural Security Alliance

Mobile Identity

NSTIC Identity


THE OTHER HALF OF THE EQUATION

STRONG AUTH

PASSWORDS

SSO/FEDERATION

First Mile Second Mile

SAML

OpenID

FIDO/Strong Auth Federation Standards

SOURCE: NOK NOK LABS


Central Authentication

This… protects…

That… from…

your thankful hacker!!!!


Distributed Authentication

This… protects…

That… for…

…Your unhappy hacker

Local key to RP…

Not linked to user from…


Standards & FIDO Alliance: Changing the world


Sebastien Taveau – BPD Chief Evangelist

[email protected]

+1 408 904 1154