Multifactor Authentication
Download as PPTX, PDF2 likes3,054 views
The document discusses the importance of multifactor authentication (MFA), including its history, common risks, and challenges for businesses and technical implementation. It highlights the need for compliance with regulatory standards and and presents new features in systems like Windows and iOS that enhance password security. The conclusion emphasizes understanding business data security, entry points, and the financial impact of cybercrime.
Multifactor Authentication
- 1. #mfa_uncovered Multifactor Authentication Ronald Isherwood Kevin Miller @virtualfat @millzee69
- 2. Who? – Ronnie Isherwood Technology evangelist, presenter, author & editor Chairman (BCS Jersey) Founder (Jersey Techfair) #mfa_uncovered
- 3. Who? – Kevin Miller Founder / Director Consultant #mfa_uncovered
- 4. Agenda • Why do we need authentication? • A brief history of authentication • What is Multi-factor (MFA) authentication? • Common authentication risks • MFA Challenges • MFA in the cloud or on premise • What’s next • Compliance and Reporting • MFA Conclusion • Q&A #mfa_uncovered
- 5. Why do we need authentication? #mfa_uncovered
- 6. Brief Authentication History 6 • The Compatible Time-Sharing System (CTSS) – Worlds first computing password Fernando Corbato Photo: MIT Museum #mfa_uncovered
- 7. Brief Authentication History 7 #mfa_uncovered • 1996 Secure Dynamics acquired RSA Data Security & RSA SecurID firmly established as Global Leader • 1986 – the first SecurID 2fa card sold! • Allan Scherr - credited with the earliest documented case of password theft in 1962 On March 17, 2011, RSA's SecurID compromised!
- 8. What is Multi-factor authentication? #mfa_uncovered
- 9. Common authentication risks #mfa_uncovered 9 •One password to rule them all: •Malicious Software •Man in the browser attack •Man in the middle attack •Account recovery
- 10. MFA Challenges 10 – Business challenges: - The business may think that because there’s never been a security breach, there’s no need for it. – Cost? - User acceptance, overcoming resistance – Cost? - Supporting processes already in place, are new ones required? – Cost? - Initial increased support calls – Cost? - commitment to ongoing maintenance & training – Cost? #mfa_uncovered
- 11. MFA Challenges 11 – Technical challenges to consider - Hardware and software requirements - Implementation, training and maintenance – POC, staff, configuration and acceptance testing, - Requires knowledge of systems being protected – OWA, Citrix Storefront, Vmware, RDP, websites etc…. - Scalability, high availability and disaster recovery - Post administration, device and user management - Reporting #mfa_uncovered
- 12. MFA in the cloud or on premise 12 #mfa_uncovered
- 13. What's next? – Windows 10 13 • Windows 10 new features: – Windows Hello - Face recognition - Requires camera such as Intel RealSense 3D Camera (F200) – Windows Passport - helps securely authenticate to applications, websites and networks on your behalf, no password sent #mfa_uncovered
- 14. What's next? – iOS 9 & OS X 10.11 14 • Apple is introducing a revamped two-factor authentication system #mfa_uncovered
- 15. Compliance & Reporting 15 • MFA - part of the solution when applications have regulatory requirements such as: – NIST 800-63 Level 3, HIPAA, PCI DSS • Is it monitored? • Is there alerting? • Logs kept and for how long? • Systems policies enforced? #mfa_uncovered
- 17. MFA Conclusion 17 • Understand your business – Your data - Secure data at its source (database), file server & email – Entry points - The weakest link is the Achilles heel – Using integral or cloud solution, decide level of responsibility. - Consider risks, reputation, costs and compliance. #mfa_uncovered • £260b+ Globally lost (annually) to cybercrime • of which the UK accounts for 10%!
- 19. Questions? Thank you! #mfa_uncovered Ronnie Isherwood Kevin Miller @virtualfat @millzee69