Xpress Password

ABC of Password and Authentication Management

April 16, 2018

 

Research says that, on average, 130 accounts are registered to one email address, 11 passwords are forgotten each year, and 71% of accounts use a password that is also used on other sites!

Passwords are no longer considered the most convenient or secure way to authenticate, since a password is only something the person knows, and knowledge can be hacked.

With the advent of technology, additional options became available for authenticating users. Federal Information Processing Standards Publications (FIPS PUBS) defined certain standards for authentication. These are:

 



New ways to authenticate combine these three attributes: Knows, Has and Is. For example, you may be asked to authenticate first with a password or PIN, then with an OTP token, and finally with a fingerprint.

While this may make things quite foolproof, it comes at a high cost to user convenience. Hence today’s authentication techniques try to balance “security” and “user convenience”.

This is typically achieved with “context-based” step-up authentication. For example, if a user first authenticates with a password and some or all of the contextual signals (network information, user information, device identification, and so on) are affirmative, no authentication beyond the password is necessary. However, if these signals show that the normal user profile is being violated (for example, the user is coming in from a network or device that does not fit the normal pattern), the level of trust/authentication is elevated to “What person has” or “What person is”, or both.
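The context-based step-up decision described above, sketched in Python as an added example (not ILANTUS code). The `UserProfile` and `LoginContext` names, the sample values, the use of login hour as the "user information" signal, and the rule mapping the number of violated signals to extra factors are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class UserProfile:
    """Normal pattern for one user (hypothetical structure)."""
    networks: list       # CIDR ranges the user normally logs in from
    device_ids: set      # device identifiers seen before
    login_hours: range   # usual local login hours

@dataclass
class LoginContext:
    """Signals collected alongside a successful password check."""
    source_ip: str
    device_id: str
    hour: int

def violated_signals(ctx, profile):
    """Return the names of context signals that do not fit the normal pattern."""
    violations = []
    try:
        ip = ipaddress.ip_address(ctx.source_ip)
        known_net = any(ip in ipaddress.ip_network(n) for n in profile.networks)
    except ValueError:
        known_net = False  # an unparsable address is never an affirmative signal
    if not known_net:
        violations.append("network")
    if ctx.device_id not in profile.device_ids:
        violations.append("device")
    if ctx.hour not in profile.login_hours:
        violations.append("user")
    return violations

def required_factors(ctx, profile):
    """Map violated signals to the factors to demand (assumed policy)."""
    n = len(violated_signals(ctx, profile))
    factors = ["knows"]        # the password is always the first step
    if n >= 1:
        factors.append("has")  # step up to e.g. an OTP token
    if n >= 2:
        factors.append("is")   # step up further to e.g. a fingerprint
    return factors

# Constructed sample profile (documentation address ranges, made-up device id)
PROFILE = UserProfile(["10.20.0.0/16", "203.0.113.0/24"], {"laptop-7f3a"}, range(7, 20))
```

A missing or malformed signal is counted as a violation, so the policy fails toward asking for more proof rather than less.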

ILANTUS is committed to a safer world and is a member of the FIDO Alliance.

Announced in Dec 2014, FIDO (Fast Identity Online) is the world’s largest ecosystem for standards-based, interoperable authentication. It reduces reliance on complex passwords, uses a single gesture to log on, works with the same devices people use every day, uses the same authentication across different services, and is fast and convenient. It is based on public key cryptography and has no server-side secrets to steal.
