AppSecUSA 2015 has ended
Thursday, September 24 • 2:00pm - 2:55pm
Secure Authentication without the Need for Passwords

The recent major hacks at Sony, Target, Home Depot, Chase and Anthem all have something in common: in each case, access was gained using stolen credentials. Hacking credit/debit cards is a growth industry, with a 66% CAGR. As more information is stored and more transactions are conducted online, securing them is becoming paramount. There is increasing pressure to secure this information: customers want it and shareholders are demanding it. Government regulations are good, but they come slowly, and the fraudsters seem to be gaining the upper hand.

There are a number of biometric technologies being used with moderate success. Fingerprint, facial recognition, iris scan and voice recognition all provide a good level of security but are weak in the area of usability.

Behavioral biometrics is an area that offers ease of use and a high level of security, and does not require passwords. An additional benefit is that there is nothing to remember, no special equipment is needed, and no personally identifiable information is used. Unlike the other biometric modes, the attributes are revocable, which is useful in the corporate world.

How does it work? One scenario is authenticating login. It is a software-based second-factor biometric authentication solution. The technology compares, in real time, users’ keying of known text against a previously assembled cadence and habit library built using that known text. No keystroke character data is required for this comparison, only the keystroke timing data.
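
One way the known-text timing comparison described above could be scored, as an added example that is not from the talk or from any product it describes. The scaled Manhattan distance scorer, the 3.0 threshold, the function names and the sample timings are all assumptions constructed for illustration.

```python
from statistics import mean

def features(events):
    """events: list of (key_down_ms, key_up_ms) per keystroke, in typing order.
    Returns dwell times (hold) followed by flight times (release -> next press).
    No character data is needed, only timing."""
    dwell = [up - down for down, up in events]
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Build a template: per-feature mean and mean absolute deviation."""
    vectors = [features(s) for s in samples]
    cols = list(zip(*vectors))
    means = [mean(c) for c in cols]
    # Floor the deviation so a very consistent feature cannot divide by zero.
    devs = [max(mean(abs(x - m) for x in c), 1.0) for c, m in zip(cols, means)]
    return means, devs

def score(template, events):
    """Scaled Manhattan distance, averaged per feature (lower = closer match)."""
    means, devs = template
    vec = features(events)
    if len(vec) != len(means):
        raise ValueError("sample length does not match enrolled text")
    return mean(abs(x - m) / d for x, m, d in zip(vec, means, devs))

def verify(template, events, threshold=3.0):
    # Assumed threshold; a deployment would tune it on false-accept/reject data.
    return score(template, events) <= threshold

def make_sample(dwells, flights, start=0):
    """Constructed helper: build (down, up) timestamps from dwell/flight lists."""
    t, out = start, []
    for i, d in enumerate(dwells):
        out.append((t, t + d))
        t += d + (flights[i] if i < len(flights) else 0)
    return out

# Constructed data: one user typing a 4-key known text three times at enrollment.
ENROLLMENT = [
    make_sample([95, 110, 88, 102], [140, 60, 180]),
    make_sample([100, 105, 92, 98], [150, 55, 170]),
    make_sample([90, 115, 85, 105], [145, 65, 175]),
]
TEMPLATE = enroll(ENROLLMENT)
GENUINE = make_sample([97, 108, 90, 100], [142, 62, 178])
IMPOSTOR = make_sample([60, 70, 150, 65], [90, 200, 80])
```

The impostor sample types the same four keys, so a password check alone would accept it; only the cadence differs.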

Some software algorithms function by comparing two independent typing samples (any text) and providing a statistical analysis of whether the same person typed them, along with how confident that determination is. Applications include insider threat analysis, continuous monitoring, determining whether it is still you after a successful login, and validating distance learning/certification.

These types of authentication are easily configured and protect against MITM and MITB attacks.

Don Malloy

director, Dual Auth
Donald Malloy is the Chairman of OATH, The Initiative for Open Authentication. OATH is an industry alliance that has transformed the authentication market from proprietary systems to an open source standard based architecture promoting ubiquitous strong authentication used by most...

Thursday September 24, 2015 2:00pm - 2:55pm PDT
Room C