Loading…
This event has ended. Visit the official site or create your own event on Sched.
View analytic
Thursday, October 22 • 10:00am - 11:00am
Why Some Multi-Factor Authentication Technology is Irresponsible

Sign up or log in to save this to your schedule and see who's attending!

Unlike most analyst or vendor-related reports, this is an independent, critical assessment of authentication technologies and methods.

This talk covers multi-factor authentication, and what to look for if you are planning a product refresh, or implementing a solution for the first time. Since there are over 200 authentication vendors, it is not easy to select the best solution for your needs. This talk will arm you with questions to ask, plus identify some suboptimal technologies to avoid. Your feedback to vendors will help them provide better, more secure products and services.

Just say, “No,” or request alternatives for the following suboptimal choices in some multi-factor authentication products:
• 2D fingerprints, other already-hacked or easily hacked biometrics
• Quick Response (QR) codes
• Short Message Service One-Time Password (SMS OTP)
• JavaScript requirements
• Weak account recovery methods
• Overreliance on GPS
• Lack of mobile device risk analysis
• Lack of checks for OWASP Mobile Top 10 Risks for mobile apps
• Encryption with backdoors, or mysterious constants or “magic numbers” of unknown provenance.”
• Elastic definition of multi-factor authentication: there is a growing chasm between NIST’s definition and newer definitions from some vendors.

Video to the talk 

Speakers
avatar for Clare Nelson

Clare Nelson

Founder, CEO, ClearMark Consulting
Carnivorous, competitive yogi. | | Passionate about multi-factor authentication, IoT, mobile security. Over 30 years in industry. Worked on encrypted TCP/IP variants for NSA. System administration was the best schooling ever, beside a degree in math. Have done product management, sales, and alliances (so I can help you avoid bad sales experiences-- if a sales person is too pesky, just ask for the product's threat model). Was VP Business... Read More →


Thursday October 22, 2015 10:00am - 11:00am
Gemalto Room Norris Conference Center, Austin
  • Host Organization