9 hours 59 minutes
authentication, authentication and credentials in the cloud. So we're gonna look at impacts of cloud on authentication, will go over some of the multi factor authentication options and will touch on Fight of the Universal two factor authentication standard.
As we discussed previously, authentication is the process of providing or confirming an identity, and it's the responsibility of the identity provider to ensure quality authentication In the cloud world, things are a little different. We have broad network access, so they authentication occurs over the general Internet, and there's less trust,
and it has to be much stronger.
Single sign on is great. It makes it easier for the users to have the same account and the administrators to manage fewer accounts for many different services. But at the same time, you have the problem of compromising a single account, can open the door to accessing many different providers,
very much like the old advice not to use the same user name and password
on the many different websites that you may be personally signed up for. The concern about this is what the user name and password gets hacked in one place than the hacker can take. That user name and password
and apply it in different service providers and potentially compromised multiple of your accounts. So with single sign on, there really is only one user name and password, and it's all controlled and a centralized, authoritative source.
But when you compromise one, you can get into many different providers. But fortunately, multi factor authentication conundrum Matic Lee reduce the effectiveness of account takeovers and what somebody could do. Let's dive into some of the multi factor authentication options here. Keeping in mind multi factor authentication involves authenticating providing something you know, such as a password
as well as
something that you have, such as a physical device. So you could have ah, hard token. And that is the actual divisive may have seen hanging on people's key chains, where they have one time passwords that continually rotate on the device. And this is the best option when high security levels are required. Similarly, there's a soft token
in this circumstance. You're not gonna have a physical device that you're getting the one time passwords from.
Rather, you will install software on something like your phone or computer, and then that software application itself is going to be giving you code is this includes Microsoft authenticator, Google Authenticator and a variety of other APS out there. The key thing being that they're installed on something you have, whether it's a computer or a phone,
and you have limited access to that.
So if somebody gets your password, they also need to have your phone to get these codes off of it. Or, in the hard tokens scenario, they know your password. Will they also need to have that physical security device is another option there out of band passwords, thes air where the passwords gets sent Teoh via text message. More often than not, SMS
when you're using this, make sure you to consider that messages may be intercepted, especially SMS messages.
Sometimes people use SIM card swapping scams. There's a variety of different mechanism, so it's not quite a secures. The other things we've talked about and last but definitely not least is biometrics. And when I started talking about MF A being something you have being that second factor in this paradigm, we're looking at
that second factor of authentication being something you are
is where you're providing your your fingerprint or retinal scan or something of that nature. Last but not least, we have biometrics, and this is a little different than the second factor. Authentication being something you have. Rather, it's where you're proving somebody. You are something you are based on. Fingerprints,
retinal scans, voice Oh, I ds
this paradigm. There will be a device involved physical device, And that device will have to have an ability of integrating with the cloud service itself because the cloud services themselves need some sort of a way mechanism to get physical access to your biometric data. And that's where the intermediary device comes into play.
We'll touch on the fight. Oh, Universal two factor. Authentication standard. It's growing in usage. It was put together by the fight. Oh, alliance. It is an open authentication standard
that's gaining in adoption, and it's the been deployed to many large scale services such as Facebook, Gmail, Dropbox get hub salesforce dot com and I'm sure the list is going on and on. If you look over at the right, there's some nice little pictures that just describe how it works, and they summarize a lot about the two factor authentication
process you can see in the first scenario we have you unlocked the phone when using biometrics, which is we were talking about. So the phone is that biometric device,
and then it confirms the utf log in. And so what's gonna happen is the phone is going to send information to your identity provider. There's some app on your phone and says, Yes, this is the person I received the fingerprint. It's matching what I expect. And it will pass along a little attributes with that individuals profile saying
not only have they been authenticated, but they've been authenticated using the biometric
method of authentication. Then you have the UTF for mobile, which is where you enter a user name and password, and you have, ah, little physical device. We're looking at that hard, token approach which will communicate with your phone or your iPad or what have you using by their Bluetooth or other protocols?
And that's the method for
demonstrating the something I have, which is that hard, token approach. And there's also the USB approach, which is an alternative way of using hard tokens. And so this is a pretty strong method of universal two factor authentication but still growing in its presence and use.
All right, let's have another quiz question when closing out this rather short video. Which MF a method is the most vulnerable to interception hard tokens, soft tokens out of van passwords or biometrics.
Well, we covered this not that long ago, and hopefully you still remember the out of band passwords often going to be intercepted. Especially the SMS, was the example that I gave.
And in closing out this video, when we talk about we looked at the impacts of cloud on authentication. We examined some of the different multi factor authentication options, and we touched on the fighter Universal two factor authentication standard.