Multi-Factor Authentication (MFA) has gone mainstream, so why are we still getting phished? We will provide some answers, via a demonstration of hacking humans and authentication frameworks, while exploring the weaknesses and engineering failures that permit these attacks. We will then focus on armoring up your identity ecosystem to create resilient, hardened interfaces designed for advanced, pervasive and coordinated attacks.
Passwordless, FIDO2 tokens, and biometrics are great, but without armoring the ecosystem and addressing systemic issues, you have merely shifted the problem to other attack vectors. This talk will present a roadmap to advancing your identity defenses, and instituting a 30/60/180 day plan to drive implementation and succeed.
Learning Objectives:
Understand and describe the engineering and human flaws leading to MFA bypass compromises.
Understand the underlying weaknesses of one's identity ecosystem that make it vulnerable to attack.
Implement a 30/90/180 day action plan to armor your identity systems against attack.