Don't say no one likes passwords. It isn't true. Criminals love them. Passwords are easy to steal, copy, and re-use. Who wouldn't like that? Well, I mean, other than victims and those in charge of protecting systems. Between user complaints about complex password policies and admin complaints about help desk calls and password resets, perhaps it is time for a change. After all, for as long as people have been securing IT, credentials have been the first and last line of defense.
This talk provides a walking tour of the authentication landscape. Red-versus-blue style, we'll compare attacks and defenses and trace the evolution of strong authentication. To the left, we'll see multi-factor with SMS, soft tokens, push authentication, and biometrics. To the right, we'll see single sign-on with SAML and OIDC. Look straight ahead for passwordless methods such as Windows Hello and FIDO2. This session will conclude with the latest practices for protecting authentication and give a glimpse of the changes to come. Attendees will be able to provide authentication that even a criminal could love.