This event has ended. Visit the official site or create your own event on Sched.
Back To Schedule
Thursday, October 22 • 10:00am - 11:00am
Why Some Multi-Factor Authentication Technology is Irresponsible

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Unlike most analyst or vendor-related reports, this is an independent, critical assessment of authentication technologies and methods.

This talk covers multi-factor authentication, and what to look for if you are planning a product refresh, or implementing a solution for the first time. Since there are over 200 authentication vendors, it is not easy to select the best solution for your needs. This talk will arm you with questions to ask, plus identify some suboptimal technologies to avoid. Your feedback to vendors will help them provide better, more secure products and services.

Just say, “No,” or request alternatives for the following suboptimal choices in some multi-factor authentication products:
• 2D fingerprints, other already-hacked or easily hacked biometrics
• Quick Response (QR) codes
• Short Message Service One-Time Password (SMS OTP)
• JavaScript requirements
• Weak account recovery methods
• Overreliance on GPS
• Lack of mobile device risk analysis
• Lack of checks for OWASP Mobile Top 10 Risks for mobile apps
• Encryption with backdoors, or mysterious constants or “magic numbers” of unknown provenance.”
• Elastic definition of multi-factor authentication: there is a growing chasm between NIST’s definition and newer definitions from some vendors.

Video to the talk 

avatar for Clare Nelson

Clare Nelson

CEO, ClearMark Consulting
Clare lives at the nexus of security, privacy, and identity. Her middle name is MFA, and she loves all things identity. She forges identity solution roadmaps and tracks emerging technologies, especially in light of GDPR and PSD2. She recently evaluated 200+ MFA vendors, resulting... Read More →

Thursday October 22, 2015 10:00am - 11:00am CDT
Gemalto Room Norris Conference Center, Austin
  Auth and Crypto Track
  • Host Organization

Attendees (0)