inWebo

Of Passwords, 2-Factor, and Biometry

Posted by | inWebo Blog: Exploring Authentication, Identity, Privacy, and Security | No Comments

The end of passwords – coming up soon!

Passwords are prehistory. Passwords are dead. We’re going to end passwords. Sounds familiar? Google probably has millions of results for each of these searches. Yet, for as long as I can remember – since the emergence of the World Wide Web at least – passwords have been fingerpointed as the flaw in this otherwise amazingly well engineered system. We’ve also been presented with the solutions to the problem. We love good stories and the tech world is full of them. So, when we hear about a new shiny and ingenious thing being invented to end passwords, or that the big guys in the Valley or elsewhere have teamed up on a password killing mission, well, we believe it’s only a matter of weeks or months before this cruisade is over and we go back to more serious business.

350 passwords – and counting

However, passwords still stick around. I have 350 of them in the password manager I signed up for 2 years ago (LoginEverywhere.com). And counting. The cruisade isn’t over. In fact, the enemy has barely been scratched by all the maneuvers launched against him in the 10+ last years. On the contrary, his influence is still growing. Amazing scientific and engineering prowess has taken place in all areas in the same 10 last years, yet we haven’t succeeded in replacing passwords as the main and almost exclusive form of authentication in use. What did we (as an industry) do wrong?

Conflicting views on passwords replacement candidates

Passwords are not a stand-alone part that can be replaced, they are a system, even a 2-sided one: the users signing in on one side, the websites and applications authenticating users on the other side. Both sides have conflicting views about authentication goals. Users suffer from password intoxication (too many of them) and hate complex login processes. Sites want a self-centric and ‘secure’ (italic) authentication. Password replacement candidates favored by websites only make things worse for users since they add usually not convenient authentication method to the existing ones. Password replacement candidates favored by users – if there’s such a thing! – are rightfully dismissed for risk and security reasons by IT professionals.

Passwords were there first so it’s only getting harder displace them. It seems that we’re with them for good.

Unless…

it-sa 2017, Nürnberg

Posted by | Events | No Comments

it-sa 2017

inWebo will be at it-sa 2017 (InfoSec Germany) in Nürnberg, October 10-12, 2017. Read the program here

If you would like to take this opportunity to schedule a discussion with us and go through your authentication and access security challenges, please fill out the form below. We’ll make our best to accommodate your preferences.

We hope to see you there!

Data Connectors, Austin

Posted by | Events | No Comments

Data Connectors Security Conference in Austin

inWebo is a proud sponsor of the 2017 edition of the Data Connectors conference in Austin, on October 5, 2017. Representatives of inWebo and of our partner The SCE Group will be on our booth.

If you would like to take this opportunity to schedule a discussion with us and go through your authentication and access security challenges, please fill out this form. We’ll make our best to accommodate your preferences. You may also visit our booth without a scheduled appointment and talk to the next available representative.

A complimentary VIP pass to the conference can be found here.

  • Place: TCEA – 3100 Alvin DeVane Blvd. Bldg B – Austin, TX78741 – United States
  • Date: Thursday, October 5th 2017, 8:15am to 4:30pm.

Les Assises 2017, Monaco

Posted by | Events | No Comments

Les Assises in Monaco

inWebo will be at Les Assises de la Sécurité 2017 (InfoSec France) in Monaco, October 11-14, 2017. Representatives of inWebo and of our Hexatrust partners will be on our booth. We will also participate to a panel on blockchain security. Read the program here

We hope to see you there!

Data Connectors, NYC

Posted by | Events | No Comments

Data Connectors Security Conference in New York City

inWebo is a proud sponsor of the 2017 edition of the Data Connectors conference in New York City, on November 9, 2017. Representatives of inWebo and of our partner The SCE Group will be on our booth.

If you would like to take this opportunity to schedule a discussion with us and go through your authentication and access security challenges, please fill out this form. We’ll make our best to accommodate your preferences. You may also visit our booth without a scheduled appointment and talk to the next available representative.

A complimentary VIP pass to the conference can be found here.

  • Place: New York’s Hotel Pennsylvania – 401 Seventh Avenue and 33rd Street – New York, NY10001 – United States
  • Date: Thursday, November 9th 2017, 8am to 5:15pm.

inWebo at RoomN mobility conference

RoomN 2017

Posted by | Events | No Comments

Meet with inWebo

inWebo representatives will be attending the 2017 RoomN exhibition in Monaco, March 7-9, 2017.

Please visit our booth and, if you would like to take this opportunity to schedule a discussion with us and go through your authentication and access security challenges, please fill out this form. We’ll make our best to accommodate your preferences.

A new Log API

Posted by | News, Tutorials | No Comments

inWebo provides a Log API so that you don’t have to export activity logs manually every day or every week. Logs are automatically made available in your collect and analytics tools.

inWebo Log API gives access to logs for a given service. Authentication to the API requires the same client certificate as the other inWebo APIs. Following log categories are available:

  • Authentication
  • Actions related to authentication devices (activation, online OTP, notification requests)
  • User management
  • Service configuration and Administration

With a call to the Log API, you can specify start and end dates, make page requests, or filter results by log category. Each record in the result is provided as a JSON table containing the following data:

  • Method used (authenticate, loginCreate…)
  • Result (OK, KO…)
  • User login
  • Time and date
  • IP address (when available)
  • Authentication device used
  • Authentication device identifier

Contact inWebo if you would like to activate this option for your authentication service.

Biometry as a second authentication factor

Posted by | News, Tutorials | No Comments

Following Apple’s introduction of a fingerprint sensor on iPhone 5s in 2013, smartphones increasingly come with a biometric sensor. Market research firms expect that 100% of the installed base will have some form of embedded biometrics by 2020 – this is not yet a commodity, but it will come fast. inWebo has therefore upgraded its solutions to support biometry as a second factor. The option is available on request to all customers, existing as well as prospects still evaluating inWebo (free trial).

Upon activation, the biometry option offers 2 alternatives, “biometry enabled” or “biometry forced”. The former applies to services that require users to enter a PIN as a second factor. Users who opt for it replace that PIN with biometrics. The latter mandates biometry as the second factor.

Biometry Settings

inWebo support of biometry as a second factor can be leveraged with

  • inWebo Authenticator version 4.2.0 or higher. The App supports Apple TouchID, as well as fingerprint sensors on Android Marshmallow (6.0+) smartphones.
  • inWebo mAccess version (0.)2.8 or higher. Developers can use mAccess library to support fingerprint biometry in their App but also virtually any kind of biometry (voice, face…), as long as it is implemented with a “match on card” mechanism (i.e. the biometric data is stored and verified locally on the smartphone). The library documentation provides a complete implementation for fingerprint sensors.

Please contact inWebo if you would like to easily add biometry as a second authentication factor for your services or applications.

inWebo at RSA Conference 2017

RSA Conference 2017

Posted by | Events | No Comments

Meet with inWebo

inWebo representatives will be attending the 2017 RSA Conference in San Francisco, Feb 9-13, 2017.

If you would like to take this opportunity to schedule a discussion with us and go through your authentication and access security challenges, please fill out this form. We’ll make our best to accommodate your preferences.

inWebo at Data Connectors SF 2016

Data Connectors, San Francisco

Posted by | Events | No Comments

Meet with inWebo

inWebo is a proud sponsor of the 2016 edition of the Data Connectors SF conference in San Francisco, on December 8, 2016. Representatives of inWebo will be on our booth, together with our Santa Clara based partner, AxiadIDS.

If you would like to take this opportunity to schedule a discussion with us and go through your authentication and access security challenges, please fill out this form. We’ll make our best to accommodate your preferences. You may also visit our booth without a scheduled appointment and talk to the next available representative.