Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Access Keys Will Kill You Before You Kill the Password

Black Hat via YouTube

Overview

Explore the critical security risks associated with AWS access keys and learn how to implement robust Multi-Factor Authentication (MFA) policies in this 32-minute Black Hat conference talk. Discover the potential dangers of storing long-lived access keys in plaintext files and sharing them among developers. Gain insights into enforcing consistent MFA requirements for all users, regardless of their authentication method. Examine open-source tools, including a newly released solution, that facilitate seamless work processes while maintaining MFA-protected API access in AWS accounts. Learn about implementing stronger access controls, addressing AWS security issues, and improving workflow with new policies. Understand the importance of saving MFA serials, utilizing SCS sessions, and adapting to MFA changes in AWS API CLI. Conclude with valuable information on key rotation practices and participate in a Q&A session to deepen your understanding of AWS security best practices.

Syllabus

Intro
Welcome
Agenda
Security
Strong Access Controls
AWS
Security Issues
Access Keys
MFA Policies
Better Workflow
New Policies
Save MFA Serial
You Need SCS Session
MFA Changes
AWS API CLI
RotateMyKey
Conclusion
Questions

Taught by

Black Hat

Reviews

Start your review of Access Keys Will Kill You Before You Kill the Password

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.