Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
View analytic
Thursday, September 24 • 11:30am - 12:25pm
The Inmates Are Running the Asylum – Why Some Multi-Factor Authentication Technology is Irresponsible

Sign up or log in to save this to your schedule and see who's attending!

Outline:
- Define multi-factor authentication
- Describe the current state of the technology
- Describe key problems
o 2D fingerprints, other already-hacked biometrics
o QR codes
o SMS OTP (subject to MITM)
o JavaScript requirements
o Weak account recovery methods
o Lack of mobile device risk analysis, not using OWASP Mobile Top 10 Risks for mobile
o Encryption with backdoors
- Recipe for what you can do

As German defense minister, Ursula von der Leyen can attest, fingerprints can be hacked, even from photographs. Facial and other biometrics can also be hacked. Why, then, is biometric-based authentication so fashionable?

It is easy to reset a password. It is hard to reset fingerprints.

Why are there over 200 multi-factor authentication vendors? Why is multi-factor authentication so expensive? Are there open source alternatives? What is the FIDO Alliance? Is it marketing hype or great standards?

Unfortunately, the current multi-factor technology offerings reflect evolutionary slip-slide, not quantum leaps forward. However, one or two technologies show promise.

Speakers
avatar for Clare Nelson

Clare Nelson

Founder, CEO, ClearMark Consulting
Carnivorous, competitive yogi. | | Passionate about multi-factor authentication, IoT, mobile security. Over 30 years in industry. Worked on encrypted TCP/IP variants for NSA. System administration was the best schooling ever, beside a degree in math. Have done product management, sales, and alliances (so I can help you avoid bad sales experiences-- if a sales person is too pesky, just ask for the product's threat model). Was VP Business... Read More →


Thursday September 24, 2015 11:30am - 12:25pm
Room A