What you know, what you have and what you are: MFA in the modern age presented at BSidesNashville 2019

by Erich Kron

Summary: A simple username and password are not enough to protect accounts and vital assets anymore. Time and time again, we see various types of accounts being compromised due to password reuse, phishing, smishing and vishing scams and overall poor password hygiene.

Throwing money at this problem doesn’t make it go away. Social engineering methods and the “evil genius” cyber criminals behind the attacks are furiously innovating, keeping IT off-guard.

In this session we will discuss different types of multi-factor authentication (MFA) such as hardware keys, smart cards, SMS and application-based factors. The session will explain the differences between hardware-based One Time Passwords (HOTP), Time-based One Time Passwords (TOTP) and Personal Identity Verification (PIV) credentials. We will talk about the pros and cons of each, the vulnerabilities and the various ways that they can be leveraged to help protect accounts.

The session is designed for people interested in expanding their knowledge of multi-factor authentication and will cover:

- The damage being done through credential theft
- Hardware and software tokens
- PIV certificates and Smart Card login options
- Password vaults and MFA protections
- Protecting social media accounts