Mobile Multifactor Authentication
User Login Security
How To Make Mobile Apps Secure
Company Confidential Information
Poor Authentication on the Web
• Passwords are poor security:
• People have too many to remember, choose weak passwords, use the same password on multiple sites
• Vulnerable to key loggers, brute force attacks, dictionary attacks, etc.
Website and mobile security are the most vulnerable areas of IT security
• 96% of all breached records were accessed from outside, often by using stolen login credentials or key loggers that capture passwords
• Challenge Questions are poor security
• Tokens, Smart Cards, Biometrics are expensive, not practical for public-facing websites
• Login credentials leaked from one site are used to access other sites
How to Balance Security & Usability
The need for strong security that is easy-to-use
• Businesses sacrifice security in an effort to create a “frictionless” experience for online customers.
• This leads to online fraud and identity theft ($221 Billion in fraud last year alone!), data breaches and other security compromises.
• Businesses struggle to enforce strong authentication without burdening customers.
These issues are compounding as people do more online interactions using mobile devices.
Image-Based Authentication
Image-based authentication that creates a one-time password
1. The first time a user registers with a website or application they select a few categories to remember
2. Each time authentication is needed, they are presented with a grid of random images
3. The user identifies the images that fit their categories and enters the corresponding letters as their one-time password or PIN
Why Images Are Better
Easy to remember
• The human brain is better at remembering categories and images vs. strings of random A/N characters and symbols.
• Independent study showed users were able to remember their image passwords with 100% success after 16 weeks. Only 40% of users remembered their text passwords.
• Create a One-Time Password with every authentication vs. static A/N or site key image
Guided Recall
• When the user sees the Image Grid, the pictures help trigger their memory of which categories they chose.
Device independent UI
• Deploy on multiple devices: PC, tablets, and smart phones
• Very easy to use – click/tap
Simple and Secure
Image based Multifactor Authentication
Setup: User Selects 3 Categories Images = Multifactor Authentication
After Account is Setup: During User Login
Categories and Associated Images are displayed for selection
User Selects Correct Images and Access to Application is Granted
Secure User Access to Data
Business Uses
• Logins
- Replace passwords
- Strengthen weak passwords
• Password reset
• Anti-Phishing
• Replace challenge questions
Two Factor, Mobile Authentication
• Most solutions send a one-time password as a text message.
- If the phone is lost or stolen, any person can read the text and authenticate a fraudulent transaction.
• Multifactor Authentication is more secure because it requires the user to authenticate on the phone by identifying their secret categories.
• This is an additional security and process layer that ensures user authentication and access to applications and data.
KillSwitch Capability
• In addition to choosing their secret categories for authentication, the user may choose one or more “No Pass” categories
• Sends automatic alerts or locks the account if someone attempts to break in and taps one of the “Kill Switch” categories
• An offensive technique that stops brute force attacks and can identify IP addresses that are attempting brute force attacks and hacking
Expanding the use of the Image Grid – Cross Messaging
EXAMPLES
The pictures above represent examples of potential cross messaging. Wells Fargo has not yet implemented this solution. Logos, messages and images are flexible and can be customer defined.
Image Based Security Statistics
Highlighted Example: For a 4x4 grid requiring 3 images, the probability of breaking or guessing is 1:3,360, which provides a security level of 99.97023810%.
Security Level 1: Safety Probability
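The 1:3,360 figure matches an ordered pick of 3 distinct cells from 16 (16 × 15 × 14). The Python sketch below is an added example, not code from this presentation or the vendor: it reproduces that figure and estimates how a "No Pass" (Kill Switch) cell changes a blind guesser's odds. It assumes one cell per category, a grid re-randomized on every attempt, uniformly random guesses, and a hypothetical attempt cap.

```python
from fractions import Fraction
from math import comb, perm


def guess_space(cells: int, picks: int) -> int:
    """Ordered selections of `picks` distinct cells from a grid of `cells`."""
    return perm(cells, picks)


def security_level(cells: int, picks: int) -> Fraction:
    """Chance that one blind guess fails (the slide's 'security level')."""
    return 1 - Fraction(1, guess_space(cells, picks))


def p_trip(cells: int, picks: int, kill_cells: int) -> Fraction:
    """Chance that one blind guess touches at least one 'No Pass' cell."""
    return 1 - Fraction(comb(cells - kill_cells, picks), comb(cells, picks))


def p_breach(cells: int, picks: int, kill_cells: int, max_attempts: int) -> Fraction:
    """Chance a blind guesser succeeds before being stopped.

    Assumptions (not from the slides): attempts are independent because the
    grid is re-randomized, the account locks on the first 'No Pass' tap,
    and it also locks after `max_attempts` wrong guesses.
    """
    p = Fraction(1, guess_space(cells, picks))   # exact hit on this attempt
    q = p_trip(cells, picks, kill_cells)         # lockout on this attempt
    r = 1 - p - q                                # wrong guess, no lockout
    return sum(p * r**i for i in range(max_attempts))


if __name__ == "__main__":
    print("guess space 4x4, 3 picks:", guess_space(16, 3))
    print("security level: %.8f%%" % (float(security_level(16, 3)) * 100))
    for kill in (0, 1, 2):
        odds = p_breach(16, 3, kill, max_attempts=5)
        print(f"{kill} No Pass cells, 5 attempts: breach odds {float(odds):.6f}, "
              f"trip chance per guess {float(p_trip(16, 3, kill)):.4f}")
```

Under these assumptions a single "No Pass" cell ends about 19% of blind guesses on the spot, so the breach odds over five attempts fall below the plain attempt-cap case.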
Thank You
How To Make Mobile Apps Secure
Multifactor Image-Based Authentication adds to the security of your website and mobile application
Contact Information
Lee Mercado
Director, Technology Sales / HELM360
Phone: (858) 208-4140 | Cell: (603) 418-4584
13475 Danielson St, Suite 220 | Poway CA
[email protected] | www.helm360.com