A note to Security Ledger readers that I’ll be facilitating a really interesting conversation this afternoon on password (in)security and how weak user authentication can undermine even the best-laid security plans.
The SANS Webinar, “Security for the People: End User Authentication Security on the Internet,” kicks off at 3:00 PM Eastern today (12:00 PM Pacific). You can register to join us using this link.
My guest is DUO Security researcher Mark Stanislav, a frequent Security Ledger contributor and one of the smartest guys out there when it comes to passwords, authentication and securing the Internet of Things.
There’s plenty to talk about: weak authentication schemes are the root cause of any number of prominent breaches – from the recent attacks on the Apple iCloud accounts of A-list celebrities, to the breach at retailer Target (reportedly the result of a phishing attack on an HVAC contractor that Target used). Mark and I will talk about some of the problems with single-factor authentication schemes and why even long passwords and pass phrases may provide illusory security.
Mark will present the results of some DUO research on online authentication schemes and talk about some common ways that even sophisticated security organizations get user authentication wrong. We’ll take questions from the audience and talk about simple ways that organizations can improve the overall security of their on-premises, hosted services and public-facing web applications.
To register, head over to The SANS Institute Web site to sign up! I look forward to seeing you there!