The Future of Authentication: How Two Factor Authentication is Dying and Whats Next

  • Webcast Aired Tuesday, 04 Jun 2019 10:30AM EDT (04 Jun 2019 14:30 UTC)
  • Speaker: Dr. Johannes Ullrich

We all know that passwords do not work. For many years, ubiquitous phishing attacks, brute forcing, and credential stuffing using reused passwords has shown that organizations should not rely on passwords to authenticate users. This has pushed many organizations to race to implement two factor authentication. Two factor authentication has become a lot cheaper and simpler to implement in recent years, but the bad guys didn't rest on their data stashes either, and implemented some effective means to attack sites protected by two factor authentication. In addition, more and more users are using mobile devices as primary means to access web applications. Mobile web applications are often difficult to use with complex passwords and two factor authentication. Luckily, standard organizations have been working on this problem, and we now have some emerging standards that are being deployed in popular browsers. In this webcast, you will earn how these new standards like WebAuthn work, how to implement them, and what attacks they protect from.