Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fear and Loathing of 2fa Igor Bulatenko.

Published byKatherine Clark Modified over 6 years ago

Similar presentations

Presentation on theme: "Fear and Loathing of 2fa Igor Bulatenko."— Presentation transcript:

1 Fear and Loathing of 2fa Igor Bulatenko

2 How they steal your pass
Social engineering Online-bruteforce Server compromise Client compromise

3 How to choose (Use web.archive.org) Auth methods Flexibility System cover API (auth + admin)

4 Auth methods Interactive Non-interactive SMS code Token code
Phone call code App code Non-interactive Mobile app push Phone call confirmation

5 System coverage *nix Windows Databases Web apps All others

6 *nix auth Native 2fa since OpenSSH 6.2 ( Password/keyboard interactive Force command Non native support via pam_radius Bulk actions Server-level switch

7 Windows Authentication provider Protected methods (local/RDP/winrm/…)
Server-level switch

8 Databases Oracle DB Postgresql Radius auth DB Links
IDE multiple sessions Bulk actions User-level switch Postgresql pam_auth

9 Auth proxy LDAP/Radius Interactive/non-interactive
Splitter in password

10 Common cases Non android/iOS devices Non smartphone devices
Bulk actions

11 Tokens RSA SecureID like HOTP Yubikey

12 Q&A

Download ppt "Fear and Loathing of 2fa Igor Bulatenko."

Similar presentations

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013
Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.

Sophos Mobile Control SophSkills Session Name: Thomas Lippert – Product Management DPG Date: 17-Feb-2011.
©2012 Microsoft Corporation. All rights reserved..

©2012 Microsoft Corporation. All rights reserved..
©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 15 Technical Preview and published July 2012.

©2012 Microsoft Corporation. All rights reserved. Content based on SharePoint 15 Technical Preview and published July 2012.
Annotated User Input Screens from EM Oracle Custom Install Install.

Annotated User Input Screens from EM Oracle Custom Install Install.
PHP and CSS to control web apps styles. CSS is used to style today’s web applications.

PHP and CSS to control web apps styles. CSS is used to style today’s web applications.
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
Azure AD & Office 365 1. Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.

Azure AD & Office Logon with Username / Password 2. MFA challenge 3. Reply to MFA challenge -1-way or 2-way SMS -Phone call -Mobile Application.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
The Office of Information Technology Two-Factor Authentication.

The Office of Information Technology Two-Factor Authentication.
Copyright © 2012 Splunk Inc. Splunking PeopleSoft Marquis Montgomery Security Architect/Team Lead, Corporate Security.

Copyright © 2012 Splunk Inc. Splunking PeopleSoft Marquis Montgomery Security Architect/Team Lead, Corporate Security.
Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.

Scenario covered in this presentation Separate credential from on- premises credential Authentication occurs via cloud directory service Does not.
Information Security for Managers (Master MIS)

Information Security for Managers (Master MIS)
System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,

System Architecture.  Windows Phone 7  Mobile Phone Application  User – End Perspective  Google App Engine  Administration Console  Handles authentication,
Key Management with the Voltage Data Protection Server Luther Martin IEEE P1619.3 May 7, 2007.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
DATA NOTIFICATIONS AUTH SERVER LOGIC LOGGING DIAGNOSTICS PLATFORMS: SCHEDULER SCALE.

DATA NOTIFICATIONS AUTH SERVER LOGIC LOGGING DIAGNOSTICS PLATFORMS: SCHEDULER SCALE.
Lieberman Software Random Password Manager & Two-Factor Authentication.

Lieberman Software Random Password Manager & Two-Factor Authentication.

Similar presentations

Ads by Google