Explore the complex challenges of modern authentication systems in this 31-minute conference talk from linux.conf.au. Delve into the unintended consequences of enhanced security measures, such as password managers, two-factor authentication, and randomized security questions. Examine how these improvements can inadvertently complicate account recovery, especially in cases of user incapacitation or death. Consider the delicate balance between strengthening authentication security and ensuring legitimate account access for trusted associates or bereaved family members. Analyze various scenarios, potential solutions, and personal mitigation strategies to address these emerging issues in the evolving landscape of digital identity and account management.
Authentication Afterlife - The Dark Side of Making Lost Password Recovery Harder
linux.conf.au via YouTube
Overview
Syllabus
Intro
Tabletop Scenarios
Tabletop Scenario #1
Administrivia
Perils of the naive solution
Avoiding the 2FA bypass
Tabletop Scenario #2
Possible solutions
Tabletop Scenario #3
Impersonation
Security Questions
Changing Password Every Login Easier Than Remembering Password
Alternate Authentication Methods - for Attackers
Recovery with 2FA enabled
2FA recovery
Tabletop Scenario #4
Unhappy Story
Potential Mitigations
First steps
Ongoing steps
Tabletop Scenario #5 - Account discovery
Considering death
Personal observations - 1/2
Personal mitigations - 1/3
Keep good records
Personal mitigations - 3/3
Personal mitigations - parallels
Conclusions - 2/2
Questions/Discussion
Taught by
linux.conf.au
