Love and Authentication -- Addressing the problem of password reset

Channel:
United States Google TechTalks
Subscribers:
348,000
Published on ● Video Link: https://www.youtube.com/watch?v=pypFzJmgPhg


Duration: 55:47
9,677 views
19

Google Tech Talks
August 12, 2008

ABSTRACT

Abstract: One of the most commonly neglected security vulnerabilities associated with typical online service providers lies in the password reset process. By being based on a small number of questions whose answers often can be derived using data-mining techniques, or even guessed, many sites are open to attack. To exacerbate the problem, many sites pose the very same questions to users wishing to reset their forgotten passwords, creating a common "meta password" between sites: the password reset questions. At the same time, as the number of accounts per user increases, so does the risk for the user to forget her password. Unfortunately, the cost of a customer-service mediated password reset, currently averaging $22, is far beyond possible for most service providers. In this talk, an alternative technique will be presented. It is fast and efficient, is compatible with input-constrained devices (such as handheld devices), and has low error rates. It is in the process of being commercialized, with a Fortune 500 company intending to deploy it Q1'09. An overview of the proposed system is available at www.I-forgot-my-password.com, and a demo at www.Blue-Moon-Authentication.com

Speaker: Markus Jakobsson
Dr. Markus Jakobsson is Principal Scientist at Palo Alto Research Center. He is a founder of the security startup RavenWhite, which addresses security problems associated with authentication, malware and click-fraud. He is also one of the founders of SecurityCartoon, an educational approach targeting typical Internet users. Previously, he has held positions as Associate Professor at Indiana University, Adjunct Associate Professor at New York University, Principal Research Scientist at RSA Security, and member of the Technical Staff at Bell Labs. He is a visiting research fellow of the Anti-Phishing Working Group (APWG). Dr. Jakobsson's recent books Phishing and Countermeasures(Wiley, 2006) and Crimeware: Understanding New Attacks and Defenses (Symantec Press, 2008) chart new territory in online security. He received his PhD from University of California at San Diego in 1997.



Other Videos By Google TechTalks


2008-08-22A Startup University to Train Public Servants: the US Public Service Academy
2008-08-21Where the Hell is Matt?
2008-08-16The LabelMe dataset and its applications to scene and object recognition
2008-08-15A New Approach to Design of Massively Parallel Systems
2008-08-15The Borgmann Project: Listing all the Words in English
2008-08-14gPXE: Modern FOSS Network Booting
2008-08-14The World Market for Coal: What's going on the C of "RE less than C"?
2008-08-14News from the Caucasus
2008-08-13Supporting Casual Data-Centric Interactions on the Web
2008-08-13When Will We Discover the Extraterrestrials?
2008-08-13Love and Authentication -- Addressing the problem of password reset
2008-08-12The Xbox 360 Security System and its Weaknesses
2008-08-12Opportunities for Open Source Biotechnology in Underdeveloped Countries
2008-08-12IM2GPS: estimating geographic information from a single image
2008-08-08Sublime & Subliminal: Semantics for Online Advertising
2008-08-02Enhancing Web 2.0 Accessibility Via AxsJAX: A Tutorial at Google - Charles L....
2008-08-02Consumerization of enterprises: A Security Conundrum
2008-08-02Seattle Conference on Scalability: Scaling Google Maps from the big screen do...
2008-08-02Consumerization of enterprises: A Security Conundrum: An Interview with Dr. C...
2008-08-01Does Google Need Managers?
2008-07-29American Cancer Society


Tags:
google
techtalks
techtalk
engedu
talk
talks
googletechtalks
education