Speaker: Pat Lareau, Passfaces Corp.
Title: Web Wallet: Preventing Phishing Attacks by Revealing User Intention
Abstract:
The fate of authentication secrets in the hands of users has stymied
authentication system designers for decades. The onslaught of
consumer-facing, online applications that demand reliable
authentication underscores the need to achieve both security and
usability in the authentication process. Passfaces challenges the
commonly held assumption that there is an inevitable trade-off between
these two objectives. Starting with a consideration of the basic
requirements for an "ideal" user secret, we demonstrate that a system
using a set of pictures of human faces as that secret brings about
significant improvements in both security and usability when compared
to text passwords. We then show how some simple refinements of our
"Passfaces" system can provide a highly trustworthy user interface
that does not rely on the intelligence, training or attentiveness of
the user for its integrity.
Biography:
Patricia has been active in the Information Security field, in both
public and private service, for 20 years. She is currently the Vice
President of Product Management for Passfaces Corporation. Previously
Patricia was the Managing Director of InfoGard, a NIST/NIAP Accredited
Security Lab. Patricia also spent 14 years with the National Security
Agency functioning in technical, diplomatic, and executive management
positions. She has participated as a technical expert in the
development of international banking security standards. Patricia
earned her B.S. in Mathematics from Boston College and her M.S. in
Mathematics from the University of Maryland.