Fear and Loathing of 2fa Igor Bulatenko.

Presentation transcript:

Fear and Loathing of 2fa Igor Bulatenko

How they steal your password
- Social engineering
- Online brute force
- Server compromise
- Client compromise

How to choose
- https://twofactorauth.org/providers/ (use web.archive.org)
- Auth methods
- Flexibility
- System coverage
- API (auth + admin)

Auth methods
- Interactive
  - SMS code
  - Token code
  - Phone call code
  - App code
- Non-interactive
  - Mobile app push
  - Phone call confirmation

System coverage
- *nix
- Windows
- Databases
- Web apps
- All others

*nix auth
- Native 2FA since OpenSSH 6.2 (https://lwn.net/Articles/544640/)
- Password / keyboard-interactive
- Force command
- Non-native support via pam_radius
- Bulk actions
- Server-level switch

Windows
- Authentication provider
- Protected methods (local / RDP / WinRM / …)
- Server-level switch

Databases
- Oracle DB
  - RADIUS auth
  - DB links
  - IDE multiple sessions
  - Bulk actions
  - User-level switch
- PostgreSQL
  - pam_auth

Auth proxy
- LDAP / RADIUS
- Interactive / non-interactive
- Splitter in password

Common cases
- Non-Android/iOS devices
- Non-smartphone devices
- Bulk actions

Tokens
- RSA SecurID-like
- HOTP
- YubiKey
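As an added example (not code from the talk), this is a minimal auth-proxy check for the "splitter in password" scheme from the Auth proxy slide: the client sends the static password and the token code in one password field, the proxy splits off the trailing field and verifies it as an HOTP/TOTP code (RFC 4226/6238, the scheme behind the HOTP tokens listed above). The comma separator, the 30-second step, the 6-digit code length and the +/-1 step clock skew are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP is HOTP with the counter derived from the clock (step is an assumption)."""
    return hotp(secret, unix_time // step, digits)


def split_credential(combined: str, sep: str = ",") -> tuple[str, str]:
    """Split 'password<sep>otp' as the proxy would. rsplit keeps separators that occur
    inside the static password intact; only the trailing field is treated as the OTP."""
    if sep not in combined:
        raise ValueError("credential carries no OTP field")
    password, otp = combined.rsplit(sep, 1)
    return password, otp


def verify_proxy_login(combined: str, expected_password: str, secret: bytes,
                       unix_time: int, sep: str = ",", skew: int = 1) -> bool:
    """Check both factors: the static password and a TOTP within +/- skew steps.
    Secret-bearing comparisons use constant-time compare_digest."""
    try:
        password, otp = split_credential(combined, sep)
    except ValueError:
        return False
    pw_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    if not (otp.isdigit() and len(otp) == 6):
        return False
    counter = unix_time // 30
    otp_ok = False
    for c in range(counter - skew, counter + skew + 1):
        # Evaluate every candidate counter; no short-circuit on the first match.
        otp_ok |= hmac.compare_digest(hotp(secret, c), otp)
    # A production proxy must also record the last accepted counter per user and
    # reject anything at or below it; otherwise a code seen in transit can be
    # replayed within the skew window.
    return pw_ok and otp_ok
```

The test vectors used below are the RFC 4226/6238 reference values for the 20-byte ASCII secret "12345678901234567890".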

Q&A