Hardware security keys, where are they?

Presented at Canterbury Hacker Camp (2022), Nov. 25, 2022, 1 p.m. (Unknown duration)

As hardware security keys became widely available, our keyrings were doomed to be clogged with dozens of USB devices. But years later, what happened? Governments have used smart cards for decades, and big tech companies rolled their own years ago. What about everyone else? It is clear that hardware security keys fill a huge gap in any threat model, but why are they still not a mainstream method of authentication?

Let's look at how modern hardware security keys work, why they are such an effective authentication mechanism, what you would use them for, and how to tackle some of the challenges with rolling them out in your organisation.

Presenters:

• Jeremy Stott - Jeremy Stott
  Jeremy gets excited about cloud providers announcing new features that fix their own security flaws, and likes to read payment processing standards for fun. His background is in security, software engineering, and electronics with over 10 years of experience in misconfiguring cloud infrastructure, failing builds, runtime errors, and releasing blue smoke. When his kids grow up, he will be able to pass on skills such as opening capacitive touch doors remotely, getting discounts at fuel pumps, and signing SSH certificates.

Links:

• https://2022.chcon.nz/speakers/jeremy/

Similar Presentations:

• Global AppSec - DC 2019 / Keys Under Doormats: Problems and Solutions for Securely Storing Credentials in Web Applications
• DEF CON 29 (2021) / The Mechanics of Compromising Low Entropy RSA Keys
• DEF CON 26 (2018) / Reaping and breaking keys at scale: when crypto meets big data