Transitioning to passwordless technologies
Abstract
Passwords have been our go-to for user authentication for a long time, but are they really secure? While Multi-Factor Authentication (MFA) has made things better, we're still on the lookout for stronger solutions. Passwordless authentication can help organizations mitigate tactics, techniques, and procedures (TTPs) such as credential access, yet it's not a plug-and-play fix.
This talk aims to guide the audience through the complexities of the passwordless landscape, highlighting both the potential and the risks associated with this technology. We'll explore various passwordless methods, how they can be implemented, and their security properties down to the hardware level. Additionally, we'll discuss how these methods can be mapped to current and emerging attack vectors.
The ultimate goal is to enhance the security of user identities while being aware of potential downsides and new attack vectors. Through real-life scenarios, we'll illustrate the transition to passwordless authentication and its impact on security.