DOCSLIB.ORG

Enable Strong Passwordless Authentication at Scale

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Enable Strong Passwordless Authentication at Scale Enable strong passwordless authentication at scale Ashvin Saminathen, CISSP Passwordless advocate © 2021 © Yubico © 2020 Yubico The P@5$W0r4 paradox ● Best practice dictates that passwords have to be: ○ Complex ○ Changed regularly ○ Unique and not re-used across services ● This makes passwords insecure (and costly): ○ Passwords are difficult to remember (people often write them down) ○ Passwords are relatively easy to crack ○ Resetting passwords is one of the biggest costs in IT support ○ Passwords are highly susceptible to phishing attacks © 2021 © Yubico 2 Not all authentication is created equal 80% 10%-50% 0% attack attack attack penetration penetration penetration rate rate rate Username and Basic 2FA: SMS, Strong password email, mobile authentication ● Deployed everywhere ● Not purpose-built for security ● Purpose-built for security ● Known usability gaps ● Uses existing technology stacks ● No network connection, ● Costly and hard to sustain that are vulnerable to network stored data, or client software ● Common target for credential and software attacks required phishing ● Common target for credential ● Highly phishing resistant phishing © 2021 © Yubico How OTP/mobile push is phished Victim Fake login Fake successful page login …seconds later Credentials Successful login by attacker Authentication Attacker Web services OTP/Mobile Push © 2021 © Yubico 4 We need something better!!! The need for strong passwordless authentication © 2021 © Yubico © 2020 Yubico What is passwordless? Passwordless authentication is any form of authentication that doesn’t require the user to provide a password at login. Something you know Something you have Something you are ● PIN ● Smart card ● Fingerprint ● Security key ● Face ● Voice ● Iris © 2021 © Yubico 6 What is FIDO2 passwordless authentication? Microsoft and Yubico sought to improve security, usability, and scale—without compromise. FIDO2 W3C Web Authentication API Authenticator Client/Platform server WebAuthn Application Browser Platform CTAP FIDO Client to Authenticator Protocol Open standards utilizing public-key cryptography with phishing protections to enable strong passwordless multi-factor authentication. © 2021 © Yubico 7 How do I use passwordless authentication? YubiKeys with Microsoft Azure Active Directory © 2021 © Yubico © 2020 Yubico What is needed to to make passwordless work? Microsoft Azure AD Compatible web browser (any edition) (latest version of Microsoft Edge, Chrome, Safari, etc.) Compatible FIDO2 Computer login requires security keys (YubiKeys) Microsoft Windows 10 (1903) or higher Yubico © 2020 © © 2021 © Yubico 9 © 20212016 Yubico © 20212016 Yubico © 20212016 Yubico Where does passwordless fit in the enterprise? Privileged Mobile Shared Remote Office 3rd party End accounts restricted workstation workforce workers user customers Secure privileged Secure call Protect shared Enable remote Improve UX and Protect corporate Safeguard your account users (to centers for workstation users workforce (and security for system access customers’ end prevent account mobile restricted (and enable enable secure office workers - by 3rd parties customer breaches) users (and efficient log-in, access from Office 365 (protect IP, (secure their enable efficient compared to home) compliance) accounts) log-in) mobile phone Yubico © 2020 © © 2021 © Yubico 13 YubiKey: The bridge to passwordless Multiple protocol support with the YubiKey The YubiKey provides both traditional on-prem and cloud environment support: ● Microsoft Active Directory using PIV ● Microsoft Azure AD using FIDO2 © 2021 2016 © Yubico Microsoft Topology Overview © 2021 © Yubico More info can be found at https://yubi.co/msftyk YubiEnterprise Services Strong authentication at scale Customer Demand YubiEnterprise YubiEnterprise Subscription Delivery © 2021 © Yubico What next? Learn more Developer Program Try Microsoft + YubiKey Visit the Yubico Access developer Contact Yubico Featured Partner resources for rapid to learn how you can Showcase during integration Microsoft Ignite get started Visit www.yubico.com/passwordless for more information. © 2019 © Yubico © 2021 2019 © Yubico © 2021 2020 © Yubico CONFIDENTIAL - YUBICO INTERNAL ONLY 18.
Load more

Recommended publications
  • The Future of Retail Technology with Martin Shave – Microsoft Business Applications Industry Lead
    The future of retail technology With Martin Shave – Microsoft Business Applications Industry Lead Listen to Episode How we buy things is changing. These days, you can book a cab using This pace of change affects every retailer. Even the specialists. an app, no need to make a call or talk to someone if you don’t feel Whether selling cars, clothes or washing machines. And being able like it. For a retail customer, the experience of purchasing goods has to provide a connected experience solely through an e-commerce changed because of such apps. There was already a significant shift site is a challenge. If you want to buy a new car, you may do initial to buying online, further accelerated by many shops not being open research online, but you still want to sit in the car, get a feel for it, look during the pandemic. But we are seeing the pace of change, and at the trim, play around with the seat. New technology can help with innovation, increase. this experience. Mixed reality, for example, introduces an element of interactivity. You can see a customisable 3D image of what you want to buy through an app on your phone or desktop, even down to the trim of your choice. This elevates e-commerce into something more valuable to your customer. 2 / 6 Will consumers always need an element of physical retail experience? In some cases you do want to touch, taste, or even smell (that ‘new car Beacon and proximity-based technology, and opting into apps, helps smell’) the products you are buying, so the future of commerce isn’t retailers capture customer information.
    [Show full text]
  • Microsoft Book of News in Deutsch
    Book of News Microsoft Ignite 2020 Deutsche Microsoft Book of News in Deutsch NOTE: PDF translations for the Book of News are now available to assist in reading content in languages other than English. Please note that translations may not always be exact and should be used as an approximation of the original English language content. Ein Vorwort von Frank Shaw : Was ist das Book of News? 1. Azure 1.1 Azure KI 1.1.1 Azure Cognitive Search-Updates: Private Endpoints und Managed Identities 1.1.2 Azure Cognitive Services-Updates: Metrics Advisor-Vorschau, Spatial Analysis- Vorschau, Anomaly Detector GA 1.1.3 Azure Machine Learning-Updates: Designer, Automated ML GA und mehr 1.1.4 Microsoft Bot Framework- und Azure Bot Service-Updates 1.2 Azure Data 1.2.1 Azure Cache for Redis bietet Entwicklern zwei neue Produktebenen, um neue Anwendungsfälle freizuschalten und Caches zu verbessern 1.2.2 Azure Cosmos DB bietet jetzt eine serverlose Option für Datenbankoperationen mit geringen Workloads 1.2.3 Azure Database for MySQL und Azure Database for PostgreSQL bieten flexible Server-Bereitstellungsoption zur Verbesserung von Auswahl, Leistung und Skalierbarkeit 1.2.4 Azure SQL erweitert die Zonenredundanz auf Allzweckdatenbanken, um die Robustheit zu erhöhen 1.2.5 Azure SQL Edge, optimiert für IoT-Gateways und -Geräte, ist jetzt allgemein verfügbar 1.2.6 Nutzungsbasierte Optimierung mit Azure Synapse und Power BI 1 1.2.7 Ankündigung der Vorschau von Photon-betriebenen Delta Engine for Azure Databricks zur Beschleunigung großer Daten- und KI-Workloads
    [Show full text]
  • Restarting and Reinventing School: Learning in the Time of COVID and Beyond
    Restarting and Reinventing School Learning in the Time of COVID and Beyond Linda Darling-Hammond, Abby Schachner, and Adam K. Edgerton in collaboration with Aneesha Badrinarayan, Jessica Cardichon, Peter W. Cookson Jr., Michael Griffith, Sarah Klevan, Anna Maier, Monica Martinez, Hanna Melnick, Natalie Truong, and Steve Wojcikiewicz AUGUST 2020 Restarting and Reinventing School: Learning in the Time of COVID and Beyond Linda Darling-Hammond, Abby Schachner, and Adam K. Edgerton in collaboration with Aneesha Badrinarayan, Jessica Cardichon, Peter W. Cookson Jr., Michael Griffith, Sarah Klevan, Anna Maier, Monica Martinez, Hanna Melnick, Natalie Truong, and Steve Wojcikiewicz Acknowledgments The authors thank our Learning Policy Institute colleagues Roberta Furger, Janel George, Tara Kini, Melanie Leung, and Patrick Shields for their support, contributions, and thought partnership. In addition, we thank Erin Chase and Aaron Reeves for their editing and design contributions to this project and the entire LPI communications team for its invaluable support in developing and disseminating this report. Without their generosity of time and spirit, this work would not have been possible. This research was supported by the S. D. Bechtel Jr. Foundation, the Stuart Foundation, and the W. Clement and Jessie V. Stone Foundation. Core operating support for the Learning Policy Institute is provided by the Heising-Simons Foundation, Raikes Foundation, Sandler Foundation, and William and Flora Hewlett Foundation. We are grateful to them for their generous
    [Show full text]
  • 02252021 Ignite Judson Althoff
    03032021 Ignite Judson Althoff Judson Althoff: Microsoft Ignite 2021 March 3, 2021 JUDSON ALTHOFF: Good morning, good afternoon and good evening, depending on where you are in the world. At Microsoft, you hear us talk a lot about our mission, a lot about how we strive to empower every person and every organization on the planet to achieve more. And we really do keep that top of mind and in our hearts every day when we come to work, even in terms of how we build our products and do our research and development here at the company. We go to market by industry and through what we call solution areas. Solution areas are less about our product pillars and more about how customers like you see leveraging our technology to further their business goals. Today, I want to talk to you about the progress we’re making in each solution area, and more importantly, how our customers are taking those solution areas and composing them by industry to drive world-leading digital outcomes. Simply stated, Microsoft is at its best when we marry up our portfolio of intellectual property with the customer’s business needs, and that’s what this concept of taking our solution areas and driving digital outcomes is really all about. Through a little bit of green screen magic, I’m going to take you on a tour around the world to visit five different customers across different industries and geographies and learn about how they’re leveraging our solution areas to drive digital outcomes. First, let’s visit Chennai, India.
    [Show full text]
  • Proceedings: Shrubland Dynamics -- Fire and Water
    Proceedings: Shrubland Dynamics—Fire and Water Lubbock, TX, August 10-12, 2004 United States Department of Agriculture Forest Service Rocky Mountain Research Station Proceedings RMRS-P-47 July 2007 Sosebee, Ronald E.; Wester, David B.; Britton, Carlton M.; McArthur, E. Durant; Kitchen, Stanley G., comps. 2007. Proceedings: Shrubland dynamics—fire and water; 2004 August 10-12; Lubbock, TX. Proceedings RMRS-P-47. Fort Collins, CO: U.S. Department of Agriculture, Forest Service, Rocky Mountain Research Station. 173 p. Abstract The 26 papers in these proceedings are divided into five sections. The first two sections are an introduction and a plenary session that introduce the principles and role of the shrub life-form in the High Plains, including the changing dynamics of shrublands and grasslands during the last four plus centuries. The remaining three sections are devoted to: fire, both prescribed fire and wildfire, in shrublands and grassland-shrubland interfac- es; water and ecophysiology shrubland ecosystems; and the ecology and population biology of several shrub species. Keywords: wildland shrubs, fire, water, ecophysiology, ecology The use of trade or firm names in this publication is for reader information and does not imply endorsement by the U.S. Department of Agriculture or any product or service. Publisher’s note: Papers in this report were reviewed by the compilers. Rocky Mountain Research Station Publishing Services reviewed papers for format and style. Authors are responsible for content. You may order additional copies of this publication by sending your mailing information in label form through one of the following media. Please specify the publication title and series number.
    [Show full text]
  • What NET Developers Need to Know About Azure
    What .NET developers need to know about Azure Contents Microsoft Azure: A History ..................................................................................... 3 Shifting Perspectives for Microsoft Azure .................................................. 7 Impact on the Development Life Cycle ......................................................10 Introduction to the Latest Azure Innovations ...........................................14 01 Microsoft Azure: A History 3 Launched in January 2010, Microsoft Azure is now more than seven Azure has been through many rounds of changes that have significantly years old. Like all seven-year-olds, Azure has been through some affected the ways in which .NET and other developers interact with the memorable teething troubles over the years, as well as some incredible platform. growth and change. In this section, we’ll look back at the history of Microsoft Azure, including the ways in which Microsoft’s strategy for the The shift in strategy has been rocky at times. In 2011, technology reviewers platform and for the company as a whole have shifted in recent years. described Microsoft Azure as a confusing platform with a difficult to use Recently, Microsoft has focused on opening up the Azure environment web-based interface and incomprehensible documentation. Since then, to widen its appeal to all kinds of developers, including those working in the teams working on the platform have gradually improved it, resulting in non-Microsoft frameworks and languages. a much more user-friendly platform that offers a well-organized array of services. Microsoft’s History From the 80s to One of the biggest changes for the Microsoft Azure platform was its evolution from a Silverlight application to a web portal written in the new the 2000s HTML5 standard.
    [Show full text]
  • Integration of Microsoft Skype for Business in Teams; Exciting News for the Contact Center
    Vianen, October 2nd, 2017 Integration of Microsoft Skype for Business in Teams; exciting news for the Contact Center During Microsoft Ignite, Lori Wright, General Manager for Microsoft Teams and Skype product marketing, outlined Microsoft’s plans and vision for Teams and Skype. They confirmed the rumors that Teams will evolve as the primary client for communications in Office 365 and, over time, will replace the Skype for Business Online client. Microsoft committed to interop between Teams and hosted Skype for Business. Details of the release What are the implications for the extended functionalities that are offered on top of Skype for Business by natively integrated Contact Center Solutions like CC4Skype, is the question that rises. Quick analyses With the integration of Skype for Business (SfB) with Teams, Microsoft acknowledges that communication functionalities have increasingly become a component of online group activities. For the Contact Center environment collaboration in teams has existed for a long time. Nowhere is the need more evident to have the right information at the right place at the right time. The promise of Teams brings additional integration of all information streams and that is where Contact Centers will benefit. Adding contextual information like LinkedIn profiles and recent social activities will make the Contact Center agent and/or the back office much more aware of the person they are dealing with. Integration of Contact Center functionality with platforms like Microsoft Dynamics and Salesforce.com are therefore a key component of an overall solution. Being natively integrated with Microsoft Skype for Business and integrated with Dynamics, the Teams integration will add a third layer of collaboration capabilities to customers.
    [Show full text]
  • Microsoft Book of News Em Portugues
    Book of News Microsoft Ignite 2020 Português Microsoft Book of News em Portugues NOTE: PDF translations for the Book of News are now available to assist in reading content in languages other than English. Please note that translations may not always be exact and should be used as an approximation of the original English language content. Prefácio de Frank Shaw : O que é o Book of News? 1. Azure 1.1 IA do Azure 1.1.1 Atualizações do Azure Cognitive Search: Pontos de Extremidade Privados e Identidades Gerenciadas 1.1.2 Atualizações do Azure Cognitive Services: Metrics Advisor Preview, Spatial Analysis Preview, Disponibilidade Geral do Detector de Anomalias 1.1.3 Atualizações do Azure Machine Learning: Designer, Disponibilidade Geral do ML Automatizado e muito mais 1.1.4 Atualizações do Microsoft Bot Framework e do Serviço de Bot do Azure 1.2 Dados do Azure 1.2.1 O Cache do Azure para Redis oferece aos desenvolvedores duas novas camadas de produtos para obter novos casos de uso e melhorar os caches 1.2.2 O Azure Cosmos DB agora oferece opção sem servidor para operações de banco de dados com cargas de trabalho pequenas 1.2.3 O Banco de Dados do Azure para MySQL e o Banco de Dados do Azure para PostgreSQL oferecem opção de implantação de Servidor Flexível para melhorar a escolha, o desempenho e a escala 1.2.4 O Azure SQL expande a redundância de zona para bancos de dados de uso geral para aumentar a durabilidade 1 1.2.5 O SQL do Azure no Edge, otimizado para dispositivos e gateways IoT, agora está em disponibilidade geral 1.2.6 Otimização baseada
    [Show full text]
  • Microsoft Book of News (Japanese)
    Book of News Microsoft Ignite 2020 日本語 Microsoft Book of News PDF translations for the Book of News are now available to assist in reading content in languages other than English. Please note that translations may not always be exact and should be used as a n approximation of the original English language content. Frank Shaw による序文 Book of News について 1.Azure 1.1 Azure AI 1.1.1 Azure Cognitive Search の更新:プライベート エンドポイントとマネー ジド ID 1.1.2 Azure Cognitive Services の更新:Metrics Advisor プレビュー、Spatia l Analysis プレビュー、Anomaly Detector GA 1.1.3 Azure Machine Learning の更新:デザイナー、自動 ML GA など 1.1.4 Microsoft Bot Framework および Azure Bot Service の更新 1.2 Azure Data 1.2.1 Azure Cache for Redis が新しいユース ケースを導入し、キャッシュを 改善する新しい 2 つの製品層を開発者に提供 1.2.2 Azure Cosmos DB が、小規模なワークロードでのデータベース運用のため のサーバーレス オプションを提供 1.2.3 Azure Database for MySQL と Azure Database for PostgreSQL が、選択 肢、パフォーマンスおよびスケールを向上させる柔軟なサーバー展開オプション を提供 1.2.4 Azure SQL が、ゾーンの冗長性を汎用データベースに拡張することで耐久 性を強化 1.2.5 IoT ゲートウェイやデバイスに最適化された Azure SQL Edge が一般提供 を開始 1 1.2.6 Azure Synapse と Power BI による使用量ベースの最適化 1.2.7 ビッグ データおよび AI ワークロードを高速化する、Photon を使用した Delta Engine for Azure Databricks のプレビューを発表 1.2.8 最終アクセス時刻のライフサイクル管理 1.3 Azure データセンター 1.3.1 より多くの Azure リージョンに展開された可用性ゾーン 1.3.2 Azure Orbital が、衛星データおよび機能へのアクセスを提供することで コスト削減と効率性の向上を実現 1.3.3 Azure Resource Mover が、リージョン間の複数のリソースの移動を簡素 化 1.3.4 Azure 仮想マシンのゾーン間の障害復旧が利用可能 1.4 Azure Dev とエコシステム 1.4.1 .NET 5 リリース候補版が利用可能 1.4.2 Azure App Service の更新には、新しいコスト削減オプション、Windows コンテナーのサポート、GitHub Actions の統合が含まれる 1.4.3 Azure Communication Services を使用して、Microsoft Teams
    [Show full text]
  • Remedy Exhibit
    Microsoft - PressPass All Products | Support | Search | microsoft.com Guide PressPass Home | Press Releases | Subscribe | Legal Issues | About Microsoft Search PressPass Remarks by Bill Gates and Steve Ballmer Microsoft News Jan. 13, 2000 New Press Releases Redmond, Wash. Products & Services International News MR. GATES: Good Afternoon, Lifestyles PR Contacts Microsoft was founded 25 years ago, and I’ve had the same job as CEO during that entire 25 year period. The vision that Paul Allen and I had of the PC becoming an empowering tool, and software Company Info playing a central role in that has certainly achieved a lot of the dreams that we’ve had. And yet, I Financial would say that today there is more opportunity for software than there has ever been. Even though Executives we have over 400 million machines out there, running the graphic interface, a very high percentage Bill Gates' Site running our office productivity software, in a sense you can say that you haven’t seen anything yet. Community Affairs Advertising The revolution ahead is one where we still feel that software will very much be at the center. And Events yet, the nature of software will be changing, software will be delivered in many cases as a service across the Internet instead of a packaged product. The way that software has been developed using Site Map things like XML, to interface, to speech systems, to hand writing systems -- it will appear in a different form than it has. When I think of how this decade will be, how will people look back at it, I think we can say that they might even call it the "software decade." It’s during this decade that the way business is done will be defined by software, the way that you share and find information will be defined by software -- even the way we think of entertainment, the way we think of music and photos.
    [Show full text]
  • Microsoft Ignite 2019
    Microsoft Ignitessa julkaistut infrapalvelut ja -parannukset 1 Mika Seitsonen • @ Sovelto • Yhteystiedot • Johtava konsultti • e-mail [email protected] • Twitter @MikaSeitsonen • Muutama fakta • https://www.linkedin.com/in/MikaSeitsonen • M.Sc., University of Nottingham, U.K. • DI, Lappeenrannan teknillinen yliopisto • Harrastukset • Co-author of "Inside Active Directory" • Kuntourheilu (hiihto, suunnistus, pyöräily) • Moottoriurheil(ija)un innokas seuraaja • Sertifioinnit • Microsoft Certified Trainer (MCT) vuodesta 1997, Microsoft Certification ID 414xxx • MCSE: Productivity • MCSA: Office 365, Windows 2008, Windows 7 • Microsoft Certified: Azure Fundamentals, Azure Administrator Associate • ITIL Foundation 2011 Agenda • Yleiset huomiot tapahtumasta • Azuren tärkeimmät julkistukset • Microsoft 365:n tärkeimmät julkistukset • Osaamisen kehittäminen ja ylläpitäminen3 Osallistuako läsnä vai etänä? LÄSNÄ ETÄNÄ + verkostoituminen + päivät käytettävissä + reflektointi ja yhdessä muuhun oppiminen + univelasta aikaeroa + tiimiytyminen helpompi palautua - aikaero + helpompi keskittyä - matkustamiseen - interaktio kuluva aika - kustannukset 4 Yleiset huomiot tapahtumasta 5 Microsoft Ignite 2019 • Orlando - OCCC (Orange County Convention Center) 4.-8.11. • USA:n toiseksi suurin konferenssikeskus • n. 25 000 osallistujaa + 5 000 Microsoftin ja näytteilleasettajien edustajaa • Näistä n. 200 suomalaisia • Book of News tällä kertaa 87 sivua (vastaava vuoden 2018 Ignitessa: 27 s.) • Ensi vuoden tapahtuma vielä kysymysmerkki ajankohdan ja sijainnin
    [Show full text]
  • The Bill and Melinda Gates Foundation
    Momentum Volume 1 Issue 1 Article 1 2012 The Bill and Melinda Gates Foundation Versus The Carnegie Foundation for the Advancement of Teaching: A Historical Comparison of Two Philanthropic Powerhouses in Education Brittany Leknes Science, Technology and Society Program, University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/momentum Recommended Citation Leknes, Brittany (2012) "The Bill and Melinda Gates Foundation Versus The Carnegie Foundation for the Advancement of Teaching: A Historical Comparison of Two Philanthropic Powerhouses in Education," Momentum: Vol. 1 : Iss. 1 , Article 1. Available at: https://repository.upenn.edu/momentum/vol1/iss1/1 This paper is posted at ScholarlyCommons. https://repository.upenn.edu/momentum/vol1/iss1/1 For more information, please contact [email protected]. The Bill and Melinda Gates Foundation Versus The Carnegie Foundation for the Advancement of Teaching: A Historical Comparison of Two Philanthropic Powerhouses in Education Abstract This project is a comparison of two young, powerful charitable foundations, the Carnegie Foundation for the Advancement of Teaching, and the Bill and Melinda Gates Foundation. The research examines the first two decades of these two foundations through the lens of public and secondary education in their respective American time periods, politics, economics, and cultures. Although they operate in different time periods and among different main social concerns, the early actions of both the Carnegie Foundation and the Gates Foundation have approached grant-making in fundamentally similar ways to change American education. This paper first displays a brief history of charitable foundations, the problems with American public and secondary schools, and the ways that the Carnegie and Gates Foundations have chosen to address these problems.
    [Show full text]