PW - Could Passwordless be Worse than Passwords?

PasswordsCon, 11:30 Tuesday

The use of passwordless technologies has increased lately, and more companies are adding support for them, including big names such as Microsoft, Apple, and Google. Passwordless is a no-brainer for increasing account security, since in 2023 passwords are still one of the most common targets of attacks. While passwordless technologies are inherently more secure than traditional password-based authentication, there seems to be a general belief that this technology is unhackable, and a perception that account takeover and user impersonation are not even possible when using it.

This talk will cover real-world risks and vulnerabilities of passwordless solutions for Web applications and how a faulty implementation can lead to a more significant security breach than when using passwords alone. We will see how, once an attacker manages to compromise the passwordless authentication, users no longer have that tiny piece of protection preventing other people from accessing their details: ironically, a password.

This talk will also cover the best practices for developers looking to integrate a passwordless mechanism (WebAuthn) into their Web application. Recommendations will be included for pentesters, enterprises, and end-users, too.

Aldo Salas