cy: MFA, OTP, SMS, U2F, WTF?! - Multifaktor-Authentifizierung ist sehr gut!

Explore the world of multifactor authentication, debunking common myths and exploring secure methods like U2F, FIDO2, and WebAuthn to keep your users and data safe.

Key takeaways
  • Authenticators: email, SMS, etc. are not secure as they can be intercepted.
  • MFA provides an additional layer of security, but it’s not perfect.
  • OTP is a common method for MFA, but it’s vulnerable to phishing attacks.
  • U2F is a more secure method of MFA, but it has limited adoption.
  • FIDO2 is a new standard for MFA that is more secure than U2F.
  • WebAuthn is a FIDO2-based authentication protocol.
  • MFA should be implemented with multiple factors, including something you know, something you have, and something you are.
  • SMS-based MFA is insecure as it can be intercepted.
  • Authenticators should be used instead of SMS-based MFA.
  • Authenticators need to be properly implemented to be secure.
  • Implementing MFA requires careful planning and consideration.
  • MFA should be implemented as part of a larger security strategy.
  • It’s hard to get people to use MFA properly.

More talks

DjangoCon 2022 | Add Multi-Factor Authentication (MFA) to Django in Mere Minutes

AAD Joined Machines - The New Lateral Movement

Backdooring and Hijacking Azure AD Accounts by Abusing External Identities

Configuration and Authentication: Michael Paquier - PGCon 2023

Uncovering Azure's Silent Threats: A Journey into Cloud Vulnerabilities

The State of Passwordless Auth on the Web – Phil Nash, JSNation 2023

Programming Phoenix LiveView • Sophie DeBenedetto, Bruce Tate & Steven Nunez

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability