risk appropriate authentication external
risk-appropriate authentication – a vision of tomorrow
Per Hägerö
CTO
risk-appropriate authentication?
What are your options?
KBA: Lexical
KBA: Graphical
Token: OTP
Token: PKI
Token: OOB
Biometrics: Biological
Biometrics: Behavioral
Something only you know (hopefully)
Something you hold
Something you are
Risk levels (NIST SP 800-63-1)
Minimal
High
Medium
Low
Lexical
OTP
PKI
OOB
is it that easy?
NO!
There are a number of needs and constraints you need to consider:
Who are you authenticating?
Where are they?
What will they use it for?
What end-points are they using?
Are there any regulations?
What is the available budget?
What is the risk?
Others?
all set?
not yet…
consider the aspect of identity proofing
≤ 100 %
IDENTITY PROOFING
AUTHENTICATION
IDENTITY ASSURANCE
Assurance
Ease-of-use
Adjacent needs
TCO
Considerations
trends
ease of use
less is more
user centric
authenticate once
layered approach
What's up at Nexus Labs?