you still use the password after all
play

You still use the password after all Exploring FIDO2 Security Keys - PowerPoint PPT Presentation

Dec 10, 2023 •457 likes •571 views

You still use the password after all Exploring FIDO2 Security Keys in a Small Company Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Drmuth Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

  1. “You still use the password after all” Exploring FIDO2 Security Keys in a Small Company Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Dürmuth Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

  2. WEB AUTHENTICATION VIA PASSWORDS Webserver Username + Password

  3. PHISHING OF PASSWORDS Attacker Username + Password Phishing Identity Theft

  4. FIDO2 → REPLACING PASSWORDS Webserver Phishing FIDO2 Authenticator

  5. FIDO2 “ PASSWORDLESS ” SETUP Authenticator Client Relying Party User Presence / Verification

  6. Implementation Study Environment Software company • Life sciences sector • STUDY Participants 8 employees • Optional FIDO2 login Sales, developers, managers • •

  7. STUDY PROTOCOL Interview 4 Weeks Workshop

  8. SECURITY AND PURPOSE “It’s more secure because no password needs to be transmitted, the key is used [...] to sign in.” – P6 “It is okay [to use the key] for stuff like online banking [...] not for Facebook or email” – P6

  9. ADOPTION BARRIERS “Well, if I forget or loose it, I couldn’t get into my account” – P3 “I just entered the password because I am used to it.” – P7

  10. AUTHENTICATION TIMINGS Security key Browser auto-fill Manual logins 0 10 20 30 40 50 Time (s)

  11. CONTACT Florian Farke Mobile Security Group Ruhr University Bochum florian.farke@rub.de

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides
Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides
Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides
LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your Master Key When you forget a password, they send a reset link to your email. Anyone with access to your email has the power to reset your other

549 views • 31 slides
Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides
Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was created, CHANGE IT NOW! (It can be the same as your email password.) Day 3 Steps in compiling: (Optional preprocessing) Lexical analysis

483 views • 17 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

11/17/09 1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm pretty sure it doesn't work. 3 3 11/17/09 - basic outline -problems with password usability and security -how various graphical

1.55k views • 86 slides
PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory Masters Students The Center for Education and Research in Information Assurance and Security CURRENT STATUS Problem Statement Stringent

286 views • 15 slides
A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks Bauhaus-Universitt Weimar www.webis.de NDSS 2017, February 27 th 2017 Mnemonic Password Creation Password: Show password Random

684 views • 17 slides
Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is

Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is

Authentication Kypros Ioannou Professor: Elias Athanasopoulos Passwords (1/3) A password is weak authentication mechanism. Use Brute Force to find the password. We are using Hashing and Salt to protect the password. Passwords: Two factors

559 views • 51 slides
The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The

The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The

The Password Doesnt Fall Far: How Service Influences Password Choice Miranda Wei, The University of Chicago Maximilian Golla, Ruhr University Bochum Blase Ur, The University of Chicago Baltimore, USA | August 12, 2018

474 views • 25 slides
Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password Validate password strength Store salted hash of the password Authentication User sends username/password Retrieve the stored salted

359 views • 20 slides
Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton

Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton

Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton Institute, NUI Maynooth. 19 April 2012 How to Guess a Password? Passwords are everywhere. If you dont know the password, can you guess it? 1. Make a

420 views • 18 slides
Co-Founder and CRO @ RiskSpotlight (last 7 years) Passionate about utilising risk management as a

Co-Founder and CRO @ RiskSpotlight (last 7 years) Passionate about utilising risk management as a

Co-Founder and CRO @ RiskSpotlight (last 7 years) Passionate about utilising risk management as a management tool to define and execute business strategy Part of UK delegation for revision of the ISO 31000 standard Member of the IOR project team

1.13k views • 21 slides
Email Marketing Foundations for Success By Nicole Delma Email Marketing - Intro Email Marketing

Email Marketing Foundations for Success By Nicole Delma Email Marketing - Intro Email Marketing

Email Marketing Foundations for Success By Nicole Delma Email Marketing - Intro Email Marketing has been a remarkably powerful lever for marketers since the early days of batch and blast sends. Aware of its power to drive revenue and response,

248 views • 20 slides
Aim Aim I can explain why we need to budget and how we make one. Success Criteria Success

Aim Aim I can explain why we need to budget and how we make one. Success Criteria Success

Aim Aim I can explain why we need to budget and how we make one. Success Criteria Success Criteria I can explain what a budget is. Statement 1 Lorem ipsum dolor sit amet, consectetur adipiscing elit. I can give reasons why we need

339 views • 14 slides
Right Thinking Prayer Stating the Case Planning Well Understanding Moneys place in

Right Thinking Prayer Stating the Case Planning Well Understanding Moneys place in

Mind Set and Method to the Funding of the Mission Right Thinking Prayer Stating the Case Planning Well Understanding Moneys place in Ministry Business Money, People, Machines To produce profitMore Money

526 views • 23 slides
Post-Quantum Cryptography a talk about problems problems problems Andreas Hlsing TU

Post-Quantum Cryptography a talk about problems problems problems Andreas Hlsing TU

Post-Quantum Cryptography a talk about problems problems problems Andreas Hlsing TU Eindhoven The Problem 9/3/2018 Andreas Hlsing https://huelsing.net 2 Public-key cryptography 9/3/2018 Andreas Hlsing https://huelsing.net 3

516 views • 36 slides
USING DATA TO WIN AT THE BALLOT BOX Center for Transportation Excellence & Public

USING DATA TO WIN AT THE BALLOT BOX Center for Transportation Excellence & Public

USING DATA TO WIN AT THE BALLOT BOX Center for Transportation Excellence & Public Transportation Advocates in Action Patrick Ruffini, Echelon Insights July 12, 2016 1 FIRM BACKGROUND Founded in 2014 by pollster Kristen Soltis

671 views • 13 slides
480 million records 2.9 billion holdings WorldCat gets one new record every second As of

480 million records 2.9 billion holdings WorldCat gets one new record every second As of

480 million records 2.9 billion holdings WorldCat gets one new record every second As of June 2020 BREAK OCLC Cataloging Community Meeting 2020 WorldCat i at is g global al Top 10 languages 483 English 39% Japanese 3% 183 million

253 views • 14 slides
FLORIDA DEEP DIVE ANALYSIS 1 Focus Groups Online Survey 2 Global Strategy Group and Garin Hart

FLORIDA DEEP DIVE ANALYSIS 1 Focus Groups Online Survey 2 Global Strategy Group and Garin Hart

FLORIDA DEEP DIVE ANALYSIS 1 Focus Groups Online Survey 2 Global Strategy Group and Garin Hart Yang conducted Global Strategy Group and Garin Hart Yang four focus groups in Florida on May 21 st and 22 nd , conducted an online survey of 1,056

199 views • 15 slides

More recommend