cy: MFA, OTP, SMS, U2F, WTF?! - Multifaktor-Authentifizierung ist sehr gut!

Explore the world of multifactor authentication, debunking common myths and exploring secure methods like U2F, FIDO2, and WebAuthn to keep your users and data safe.

Key takeaways
  • Authenticators: email, SMS, etc. are not secure as they can be intercepted.
  • MFA provides an additional layer of security, but it’s not perfect.
  • OTP is a common method for MFA, but it’s vulnerable to phishing attacks.
  • U2F is a more secure method of MFA, but it has limited adoption.
  • FIDO2 is a new standard for MFA that is more secure than U2F.
  • WebAuthn is a FIDO2-based authentication protocol.
  • MFA should be implemented with multiple factors, including something you know, something you have, and something you are.
  • SMS-based MFA is insecure as it can be intercepted.
  • Authenticators should be used instead of SMS-based MFA.
  • Authenticators need to be properly implemented to be secure.
  • Implementing MFA requires careful planning and consideration.
  • MFA should be implemented as part of a larger security strategy.
  • It’s hard to get people to use MFA properly.

More talks

RubyConf 2023 - Demystifying the Ruby package ecosystem by Jenny Shen

Programming Phoenix LiveView • Sophie DeBenedetto, Bruce Tate & Steven Nunez

SAINTCON 2023 - Matt Durrin - The Need For Speed

Configuration and Authentication: Michael Paquier - PGCon 2023

AAD Joined Machines - The New Lateral Movement

34231 WhyCyberInsuranceShouldbeYourSOCsNewBestFriend v2

DjangoCon 2022 | Add Multi-Factor Authentication (MFA) to Django in Mere Minutes

Programming Phoenix LiveView • Sophie DeBenedetto, Bruce Tate & Steven Nunez • GOTO 2023