Authentication Afterlife - The Dark Side of Making Lost Password Recovery Harder
linux.conf.au via YouTube
Syllabus
Intro
Tabletop Scenarios
Tabletop Scenario #1
Administrivia
Perils of the naive solution
Avoiding the 2FA bypass
Tabletop Scenario #2
Possible solutions
Tabletop Scenario #3
Impersonation
Security Questions
Changing Password Every Login Easier Than Remembering Password
Alternate Authentication Methods - for Attackers
Recovery with 2FA enabled
2FA recovery
Tabletop Scenario #4
Unhappy Story
Potential Mitigations
First steps
Ongoing steps
Tabletop Scenario #5 - Account discovery
Considering death
Personal observations - 1/2
Personal mitigations - 1/3
Keep good records
Personal mitigations - 3/3
Personal mitigations - parallels
Conclusions - 2/2
Questions/Discussion
Taught by
linux.conf.au