How Two Factor Authentication Defends Against User Targeted Attacks

  • Thursday, November 21st, 2013 at 1:00 PM EST (18:00:00 UTC)
  • John Pescatore
This webcast has been archived.


  • Duo Security



Last year, stolen user credentials were used in four out of five data breaches.[1]

Amidst an ever-changing threat landscape, this statistic suggests a clear trend: attackers increasingly target individual users to gain fully-privileged, insider access. Security processes and controls can reduce the attack aperture, but user passwords still represent the weakest link in the security chain.

Two-factor authentication originally emerged as a solution over twenty years ago. It creates the best protection against stolen passwords, adding a layer of defense to the broad and vulnerable perimeter that the users represent. However, traditional two-factor solutions have been expensive, intrusive, and a challenge to deploy. These product shortcomings have led to a history of failed rollouts and a lingering reputation of two-factor as cumbersome.

Today, a new breed of two-factor solutions has evolved that offers versatility, efficiency, and powerful developer resources. These key virtues have enabled broader adoption among modern, complex organizations and even consumer-oriented sites like Facebook, Twitter, Gmail and Evernote.

With billions of user accounts across varying demographics, it may come as a surprise that social networks are leading the implementation of modern authentication. The technology's acceptance by social networks reflects an understanding of--and an appropriate response to--the insecurity of user logins. Its acceptance by consumers illustrates the dramatic improvements in two-factor usability.

Attackers focus on stealing passwords to gain access to valuable information. Enterprise organizations--in possession of the most sensitive data--can employ a strong perimeter by implementing modern two-factor authentication.

Join us for a webcast on strong authentication's evolution over the years, and its role in disrupting user-targeted attacks, featuring John Pescatore, SANS Director, and Dug Song, Duo Security CEO and co-founder.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years of experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartner's lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Dug Song

Dug has a history of leading successful products and companies to solve pressing security problems. Dug spent 7 years as founding Chief Security Architect at Arbor Networks, protecting 80% of the world's Internet service providers, and growing to $120M+ annual revenue before its acquisition by Danaher. Before Arbor, Dug built the first commercial network anomaly detection system (acquired by NFR / Check Point), and managed security in the world's largest production Kerberos environment (University of Michigan). Dug's contributions to the security community include popular open source security (OpenSSH, libdnet, dsniff), distributed filesystem (NFSv4), and operating system (OpenBSD) projects, and co-founding the USENIX Workshop On Offensive Technologies (WOOT).
