This session will explore failure modes of advanced authentication and show exploits that bypass multifactor auth systems. The discussion will then provide pragmatic means of defending credential systems, including normalizing credential defence, baselines, credential reset engineering and the architecture of a ‘credential firewall’, so that network firewalls aren’t bypassed by unsafe credential practices.
Learning Objectives: 1: Understand authentication failure modes. 2: Learn ways that advanced authentication is bypassed. 3: Learn practical ways to protect and defend authentication systems.
Pre-Requisites: Understanding of authentication models, basic understanding of browser/TLS security models, and basic understanding of identity and access management.