Speaker: Ashish Jain, Chief Product Officer, Arkose Labs
Date: Thursday, June 23, 2022
Location: Denver, CO

Description: Identity teams focus on providing “good users” as frictionless an experience as possible. We measure identity teams on metrics such as new registration/growth numbers, sign-in completion rate, and guest-to-member conversion. This leads to teams being hesitant to use strong authentication options such as SMS, push notifications, and biometric authentication since they add friction resulting in user abandonment.

The first page a “good user” encounters on a site is often a registration/login one. Thus it is important that “good users” have a good experience on these pages. However, registration and login are also the most attacked pages by fraudsters, so lowering friction there ends up giving “bad users” a better experience as well.

In this session, we’ll explore Dark Web techniques, open-source tools, and services that fraudsters use for credential stuffing, fake account creations, and account takeovers. To address these, the right authentication strategy is a combination of active authentication and passive authentication that includes IP reputation, device fingerprinting, and user behavior analysis. This allows continuing to provide a frictionless experience for “good users” while raising the defenses for “bad users”.