BSidesLV 2017 has ended
Back To Schedule
Tuesday, July 25 • 14:30 - 14:55
Two-Factor Auth - Demand Bidirectional

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Two-factor authentication has become almost commonplace in defending against ubiquitous credential brute-forcing and has reduced the criticality of password theft.

However there is a component of the original RFC (request-for-comment) that has been overlooked and undervalued. Meaning that 2FA in its current form is not as effective at mitigating phishing and replay attacks as it could be.

This talk will demonstrate attacks against time-based and HMAC-based OTP (one-time pad) authentication, and will propose detailed countermeasures and mitigations for these attacks.

avatar for Joe Kirwin

Joe Kirwin

Senior Security Engineer, Pivotal

Tuesday July 25, 2017 14:30 - 14:55 PDT
Proving Ground (Florentine G) 255 E Flamingo Rd, Las Vegas, NV 89169