
2019 | The Most Forgotten Thing in Identity Management | Identiverse | Day 2, June 26

Passwords? No, it’s not passwords. I’ll give you a hint: we all use them. Every day. Many, many times a day. Still don’t know? It’s the humble username. The “middle child” of identity management, the username doesn’t get the same attention that its big brother “Password” and its little sister “Password-less” get. Instead, it just does its job without thanks or recognition. But failing to pay attention to usernames can have a major negative impact in both B2B and B2C scenarios. In this talk, Mr. Glazer explores the critical aspects of usernames, highlights the downsides of getting usernames wrong, and offers some best practices for designing username schemes.


  1. THE MOST FORGOTTEN THING IN IDENTITY MANAGEMENT. IAN GLAZER, FOUNDER & PRESIDENT, IDPRO; VP PRODUCT MANAGEMENT, SALESFORCE; @IGLAZER
  2. THANKS!
  3. WHY THIS TALK?
  4. I have been incredibly wrong
  5. WHAT I WANT TO TALK ABOUT
  6. Usernames
  7. Most used Most forgotten
  8. Usernames Passwords Password-less
  9. Ignore at your peril
  10. Given their importance, we can take 18 minutes to talk about them
  11. 5 ASPECTS OF USERNAMES
  12. Are not secrets
  13. Are not secrets Classified as public
  14. Are not secrets Classified as public Memorable
  15. Are not secrets Classified as public Memorable Unique
  16. Are not secrets Classified as public Memorable Unique Recoverable
  17. USERNAMES CANNOT BE SECRETS
  18. Awesome things from DC
  19. Original Purpose: Report employee wages
  20. 1943
  21. Expanded Purpose: Identify everyone
  22. 1972
  23. Only the person has their Social Security Card… right?
  24. Every business’ secret
  25. Breach damage amplifier
  26. Identifiers cannot be secrets
  27. If your identifier is a secret,
  28. then it is a Zero Factor Authenticator.
  29. 9A0919
  30. USERNAMES CLASSIFIED PUBLIC
  31. Restricted Confidential Secret Public
  32. Restricted Confidential Secret Public
  33. Restricted Confidential Secret Public
  34. Why?
  35. Public ≠ Secret
  36. Prevent attributes from becoming usernames
  37. Policy Membership Loyalty
  38. Classify as Public
  39. Publicize
  40. Peter is @astoriarox ("Mai 2012 097" by Lord Jim is licensed under CC BY 2.0)
  41. INTERSECTION SECRET AND PUBLIC
  42. GDPR
  43. Article 4(1)
  44. “…such as a name, an id number… an online identifier…”
  45. Different types of identifiers are processed differently
  46. Nuance is required
  47. USERNAMES MUST BE MEMORABLE
  48. Call me Ishmael.
  49. Call me Ishmael. Username
  50. Call me Ishmael.
  51. Self-determination
  52. People have to be able to give themselves names
  53. B2C B2B2C
  54. B2C B2B2C B2B B2E
  55. File Fina Lana is not self-determination
  56. We are used to it
  57. But it is not self-determination
  58. File Fina Lana?
  59. First Letter First Name File Fina Lana
  60. First Letter First Name File Fina Lana
  61. First Letter First Name Last Name File Fina Lana
  62. First Letter First Name
  63. First Letter First Name iglazer
  64. First Letter First Name Last Name iglazer
  65. File Fina Lana
  66. Does not support self-determination
  67. Failing to provide memorable usernames
  68. More On-Screen Help More Customer Support Increased Account Recovery Calls
  69. Re-registration
  70. Username reuse
  71. Username reuse can lead to ATO
  72. Provide choices
  73. Email as username
  74. But don’t use email to communicate with me…
  75. Email Phone Nickname
  76. USERNAMES MUST BE UNIQUE
  77. Scope
  78. Tenant Service Namespace Global Universal
  79. Do you know for which scope you are designing?
  80. Most of us need service-scoped uniqueness
  81. Scope Type
  82. External Internal
  83. External Identifier
  84. iglazer@idpro.org +1 202 670 4426 iglazer External Identifier
  85. iglazer@idpro.org +1 202 670 4426 iglazer External Identifier Internal Identifier
  86. iglazer@idpro.org +1 202 670 4426 iglazer External Identifier Internal Identifier 005o0000000s4Hu
  87. iglazer@idpro.org +1 202 670 4426 iglazer 005o0000000s4Hu User-controlled lifecycle Enterprise-controlled lifecycle
  88. iglazer@idpro.org +1 202 670 4426 iglazer 005o0000000s4Hu Doesn’t have to be unique Has to be unique
  89. iglazer@idpro.org External Identifier
  90. iglazer@idpro.org iglazer@idpro.org External Identifier Internal Identifier = =
  91. iglazer@idpro.org iglazer@idpro.org External Identifier Internal Identifier =
  92. INTERSECTION MEMORABLE & UNIQUE
  93. Memorable iglazer@idpro.org +1 202 670 4426 iglazer
  94. Memorable iglazer@idpro.org +1 202 670 4426 iglazer Not 005o0000000s4Hu did:example:21tDAKCERh95uGgKbJNHYp d5372288-697b-42bf-928a-562aca0deeaf
  95. External iglazer@idpro.org +1 202 670 4426 iglazer Internal 005o0000000s4Hu did:example:21tDAKCERh95uGgKbJNHYp d5372288-697b-42bf-928a-562aca0deeaf
  96. Story time
  97. File Fina Lana strikes again
  98. USERNAMES RECOVERABLE
  99. Recovery > Reminder
  100. Recovery = Reconnect
  101. Recovery = Re-Proof
  102. Recovery ≠ Reuse
  103. Recovery > Reminder
  104. iglazer@gartner.com ihazemail@geocitites.com iglazer3251
  105. Backup usernames & Multiple usernames
  106. Username reuse is real
  107. Identifier stays unique
  108. The person isn’t
  109. Recovery = Re-Proof
  110. SELECTING A USERNAME SCHEME
  111. 5 Aspects as a Guide
  112. Memorable
  113. Memorable Self-Determination
  114. Memorable Self-Determination Classified Public
  115. Memorable Self-Determination Classified Public Recovery Deflecting
  116. Memorable Self-Determination Classified Public Recovery Deflecting Non-reusable
  117. Email
  118. Phone
  119. Nickname
  120. Random Characters
  121. IN SUMMARY
  122. 5 Aspects of Usernames
  123. Not Secret
  124. Not Secret Public
  125. Not Secret Public Memorable
  126. Not Secret Public Memorable Unique
  127. Not Secret Public Memorable Unique Recoverable
  128. Power to name in the hands of the individual
  129. Support self-determination
  130. Support empowerment
  131. Call me…
  132. iglazer@salesforce.com iglazer@idpro.org @iglazer
  133. THANK YOU!
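
One way to read slides 70-71, 80, 82-88 and 105-108 in code, as an added example that is not from the talk: user-chosen external identifiers are aliases that resolve to one internal ID, are unique per service, and are tombstoned on release so that a different account cannot claim them. The class, method and service names and the sample values are hypothetical and constructed for illustration.

```python
import uuid


class UsernameDirectory:
    """External identifiers (user-controlled) resolve to an internal ID."""

    def __init__(self):
        self._active = {}   # (service, name) -> internal ID currently holding it
        self._retired = {}  # (service, name) -> internal ID that released it

    @staticmethod
    def _key(service, name):
        # Normalize so " Alex " and "alex" are the same identifier.
        return (service, name.strip().casefold())

    def create_account(self):
        # Internal identifier: opaque, never shown to or chosen by the user.
        return str(uuid.uuid4())

    def claim(self, internal_id, service, name):
        key = self._key(service, name)
        if key in self._active:
            raise ValueError("identifier already in use in this service")
        if self._retired.get(key, internal_id) != internal_id:
            # Reuse by another account is the account-takeover path.
            raise ValueError("identifier was retired by another account")
        self._retired.pop(key, None)
        self._active[key] = internal_id

    def release(self, internal_id, service, name):
        key = self._key(service, name)
        if self._active.get(key) != internal_id:
            raise ValueError("identifier not held by this account")
        self._retired[key] = self._active.pop(key)

    def resolve(self, service, name):
        return self._active.get(self._key(service, name))


def demo():
    d = UsernameDirectory()
    owner, stranger = d.create_account(), d.create_account()
    d.claim(owner, "shop", "alex@example.org")  # constructed sample values
    d.claim(owner, "shop", "alex")              # backup username, same account
    d.release(owner, "shop", "alex")
    try:
        d.claim(stranger, "shop", " Alex ")
        stranger_claimed = True
    except ValueError:
        stranger_claimed = False
    d.claim(owner, "shop", "alex")              # original holder may reclaim
    return (d.resolve("shop", "alex@example.org") == owner,
            stranger_claimed, d.resolve("shop", "ALEX") == owner)
```

Email addresses and phone numbers can still be reassigned by their providers, which this service-side tombstone cannot see; that case is what the re-proofing on slides 101 and 109 addresses.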
