10375 Centurion Parkway N, Suite 120
Jacksonville, FL 32256
Speaker: Dr. Johannes Ullrich, Dean of Research for the SANS Technology Institute
Topic: Beyond Passwords. Emerging Phishing Resistant Authentication Techniques
Everybody uses passwords, but everybody knows they do not work. Over the last couple of years, large data leaks from various sites have been aggregated into databases of hundreds of millions of passwords that are easily available and heavily used in credential stuffing attacks. In this presentation, we will first talk about the current threats to password-based authentication systems, and how even some two-factor authentication methods are vulnerable to phishing. We will discuss some defenses against credential stuffing, and show how credential stuffing is used in current attacks. But what is really needed is a phishing-resistant authentication mechanism. The trick with phishing-resistant authentication mechanisms is that the target site first needs to authenticate itself to the user. Various past methods (like TLS) have failed to accomplish this. But a new set of token-based authentication mechanisms, like U2F and WebM, promise to change this and take the human out of the loop. This presentation will demonstrate how to implement these techniques and what hurdles have to be overcome to implement them.