Transitioning to passwordless technologies
Abstract
Passwords have been our go-to for user authentication for a long time, but are they really secure? While Multi-Factor Authentication (MFA) has made things better, we're still on the lookout for stronger solutions. Passwordless authentication can help organizations mitigate tactics, techniques, and procedures (TTPs) such as credential access, yet it's not a plug-and-play fix.
This talk aims to guide the audience through the complexities of the passwordless landscape, highlighting both the potential and the risks associated with this technology. We'll explore various passwordless methods, how they can be implemented, and their security properties down to the hardware level. Additionally, we'll discuss how these methods can be mapped to current and emerging attack vectors.
The ultimate goal is to enhance the security of user identities while being aware of potential downsides and new attack vectors. Through real-life scenarios, we'll illustrate the transition to passwordless authentication and its impact on security.
Speaker: Davide Caria
Company: Microsoft
Function: Cybersecurity Architect
Function: Cybersecurity Architect
Davide Caria is a computer engineer currently working as a Cybersecurity architect for Microsoft. Identity and related topics are his main areas of focus and he has experience in contributing to passwordless authentication designs.
Prior to joining Microsoft he has collaborated with Aruba S.p.A., a large Italian cloud provider, for the creation of their passwordless authentication solution for enterprise customers.
Want to see Davide in action?