Password Less Authentication, Authorization and Payments presented at OWASP AppSecAsiaPac 2012

by Srikar Sagi

Tags: Security

Summary: A mobile phone is one's own identity in the 21st century. Authentication and authorization are done via two independent networks: the IP network and the mobile network. A hacker who obtains sensitive user account information from the browser cannot access the user's account unless he also gets hold of the user's mobile phone. Users do not have to remember lengthy or complicated passwords or keep changing them frequently, and there are no more tokens: just your identity, i.e. your mobile phone.
The goals are to minimize account takeovers, to provide authentication and authorization in the presence of the malware mess, and to replace OTPs and broken two-factor authentication by using a personal device, the cell phone and the telecom network, to prove identity on the Net. The approach uses public key encryption and digital signatures to improve security, reduce costs and relieve users of the pain of remembering many passwords, with no more tokens.