Authentication Beyond SMS

•

2 recomendaciones•671 vistas

Passwords get pwned. SMS 2FA gets compromised. We spend time clicking stop signs just to convince computers we're human. All of this in an attempt to identify a user we will probably never personally know. It's a fascinating challenge and we're up to the task! This talk will walk through new channels for identity management beyond email and SMS. Encrypted messaging apps like WhatsApp broaden our options for delivering tokens and secure communications but lack the seamless user experience of Push Authentication or the offline benefits of TOTP. We'll dive into the tradeoffs for these approaches and help you choose the approach that will best protect you and your customers from signup to account recovery.

Ingeniería

Authentication Beyond SMS
Kelley Robinson | PasswordsCon 2018

Vertex-based
Elliptic Cryptography
on N-way
Bojangle SpacesPasswords
🤷
Simple Complex

Kelley Robinson
Authentication Beyond SMS

⚓ Trust Anchors
@kelleyrobinson
"An established point of trust from which an entity begins
the validation of an authorized process"
NIST Computer Security Resource Center Glossary

Physical Identities
• Face
• Voice
• Fingerprints
Contextual Identities
• Email address
• Phone number
• Usernames
Government Identities
• Passport
• Social security card (USA)
• Birth certificate
@kelleyrobinson

@kelleyrobinson
Physical Identities
• Trust anchor
• Very trustworthy
• Practically impossible
to change

@kelleyrobinson
Government Identities
• Also a trust anchor?
• Usually physical
• Difficult to change

@kelleyrobinson
Contextual Identities
• ...also treated like a trust anchor?
• Not 1:1 relationship
• Easier to change

Why is identity
veriﬁcation hard?
• Imperfect systems
• We may never know if we
got it right

@kelleyrobinson
🔐 What are we going to do?

@kelleyrobinson
No. It's not.
https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/

@kelleyrobinson
Multi Factor Authentication
• SMS / Voice
• TOTP
• Push
• Yubikey
• ...and more

📱 SMS 2FA
• Most popular
• Easy to use and getting easier
• Low barrier to entry
@kelleyrobinson

📱 Why is SMS for MFA "Bad"?
• SS7 vulnerabilities
• SIM swapping (social engineering)
• Not E2E encrypted
Link: The Post SS7 Future of 2FA
@kelleyrobinson

SMS 2FA is still
better than
no 2FA
@kelleyrobinson

“When we exaggerate all dangers we
simply train users to ignore us.
@kelleyrobinson
Cormac Herley, The Rational Rejection of Security Advice by Users (2009)
”

TOTP
(Time-based One Time Passwords)
@kelleyrobinson

WhatsApp
Or other encrypted messaging
@kelleyrobinson

“We learned that SMS-based
authentication is not nearly as secure as
we would hope.
”Reddit Security Incident Disclosure - 2018-08-01
@kelleyrobinson

@kelleyrobinson
Account value
Likelihoodofbeingatarget
Very Official
Risk Assessment

@kelleyrobinson
Money
Information
Control
Power
Account value*
Likelihoodofbeingatarget

Employees*
Moderators
Everyone else
Potential Reddit 2FA Model
Required token
based 2FA
Required 2FA
Optional 2FA
*might be managed by IT, not dev

Balance over $250k
Balance over $10k
Everyone else
Potential Banking 2FA Model
Required token
based 2FA
Required 2FA
Optional 2FA

Veriﬁed accounts
Over 1,000 followers
Everyone else
Potential Twitter 2FA Model
Required token
based 2FA
Required 2FA
Optional 2FA

@kelleyrobinson
☎ Known authentication weak point:
Requests via contact center

@kelleyrobinson
https://twitter.com/patio11/status/1053205207964823552
☎
Requests
via contact
center

@kelleyrobinson
☎
Requests
via contact
center

@kelleyrobinson
📈 Measuring effectiveness

@kelleyrobinson
ℹ Support costs *relative to* losses ⬇
💰 Losses due to account takeover ⬇
😈 Number of compromised accounts ⬇
😃 Customer satisfaction ⬆

@kelleyrobinson
“Security people are full of morbid and
detailed monologues about the pervasive
catastrophes that surround us.
”James Mickens, This World of Ours

@kelleyrobinson
Don't blame users.
It's our responsibility to protect them.

@kelleyrobinson
THANK YOU!
@kelleyrobinson

Más contenido relacionado

Similar a Authentication Beyond SMS

Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...

Nicholas Davis

Pki & personal digital certificates, the key to securing sensitive electronic...

Nicholas Davis

What does a world without passwords and usernames look like? What would a truly secure single sign-on system mean for your customer and employee experiences? What if multi-factor authentication was consistent and interoperable across the Internet? On our July 9th webinar, we were joined by our partners at Condatis to dive into these very questions around the future of authentication, covering: ◙ The four types of authentication supported by Evernym today ◙ The flaws in today’s password-based, security question, and social login models ◙ The benefits of using verifiable portable credentials for authentication ◙ Using self-sovereign identity for multi-factor authentication ◙ A showcase of live SSI-enabled authentication projects Presenters: ◙ Andy Tobin, EMEA Managing Director, Evernym ◙ Chris Eckl, Chief Technology Officer, Condatis ◙ James Monaghan, VP Product, Evernym

The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity

Evernym

Trust and identity in the ecosystem

Sofie Blakstad 🐝

In the emerging world of DevOps and the Cloud, most developers are trying to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resiliency and scaling to an application. Still, one critical item consistently overlooked is security. The world of the Cyber Criminal is closer than you realize. Watch a real man-in-the-middle demonstration and learn just how simple it can be for others to steal your secrets. In this talk you’ll learn about other practical examples of how you can inadvertently leave the doors open and what you can do to keep your system secure. In the end, security is everyone’s concern and this talk will teach you a few of simple actions you can take (and some behaviours you must change) to create a more secure application in the Cloud.

Jax london2016 cybercrime-and-the-developer

Steve Poole

While Blockchain technology creates strong cryptographic controls securing the integrity of data, successful, cooperative Blockchain networks must establish trust between a varieties of independent entities to create overall trust. In this presentation, Scott Perry and Drummond Reed will discuss how trust is created in Blockchain systems and the varying layers (i.e. ledger, agent, credential exchange and governance) that add trust within interoperable parties and reliance to external Blockchain’s within the web of trust. As active members of the Sovrin Governance Working Group, including the first robust trust assurance model for Blockchain’s, our presenters will discuss how all Blockchain’s networks can add accountability within stakeholder roles to ensure that Blockchain’s are trustworthy above the embedded cryptographic trust assertions. The target of this webinar is leaders and participants in the industry who are seeking greater acceptance and assurance in the trustworthiness of their network. This session will help you learn which role systems auditors, cybersecurity professionals, and risk management experts will have to play to ensure trust must be built and maintained when adopting such cutting-edge technologies. The webinar covers: • How Digital Trust is created • How Blockchain’s novel attributes contribute to digital trust • Blockchain’s beneficial use cases • Deeper Dive into Self Sovereign Identity as a unique Blockchain use case Date: March 18, 2019 Recorded Webinar: https://youtu.be/1lcuf9bJFBQ

Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...

PECB

Beyond Digital Identity

Scopism

We continue to build products allowing our customers to do more things online. While bringing convenience, it also raises the stakes of fraud, for our customers and our companies. The democratization of technology means that those intending to commit fraud can take advantage of some amazingly sophisticated tools. Consumers and governments have little trust in technology due to the questionable ethics of some of the biggest players in the industry. Identity online continues to evolve; governments, businesses, the open source community, and grassroots organizations are all evolving how we validate, protect, and secure our identity. Whether your software is targeted towards businesses or consumers, if you are in a regulated vertical or a non-regulated one, or if you have customers in multiple countries or just one, how you ethically manage customer identity will be crucial to your product’s success (or existence).

Do I Know You? Identity on the Internet and the Question of Trust

Kevin Goldsmith

n the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.

Progscon cybercrime and the developer

Steve Poole

Identity Proofing to provision accurately

David Kelts, CIPT

On February 19, 2014, the Federal Trade Commission staff hosted a seminar on Mobile Device Tracking. The speakers discussed how retailers and other businesses have been tracking consumers’ movements throughout and around retail stores and other attractions using technologies that identify signals emitted by their mobile devices. While the technologies differ, many work by identifying and collecting the MAC address – which is unique to a particular device – broadcast when a mobile device searches for Wi-Fi networks. Companies can use these technologies to reveal information about consumers including the path taken throughout a location, length of time in one location, whether a visitor is new or returning, and the frequency of visits to a location. According to media reports, major retailers in the United States are using or have tested the technology in their stores in order to gain insights into the behavior of their customers. In most cases, this tracking is invisible to consumers and occurs with no consumer interaction. As a result, the use of these technologies raises a number of potential privacy concerns and questions.

Mobile Device Tracking Seminar

Brian Ahier

Callcredit's Fraud Summit - Customer experience stream

Callcredit123

Cybercrime and the Developer Java2Days 2016 Sofia

Steve Poole

Credit for Renting

Experian_US

Pki the key to securing sensitive communications

Nicholas Davis

Common Consumer Frauds and How to Avoid Them-03-14

Barbara O'Neill

Crypto-Currency - Strategic Review v3

Bryan Starbuck

Join our #CreditChat every Wednesday at 3 p.m. ET on Twitter and YouTube. This week, we discussed the very important topic of identity theft and learned tips about how we can protect ourselves. This deck features highlights from our chat with tips from: @LeslieHTayneEsq, @NatlJumpStart, @Frostbe, @DebbiKing, @RAHomes, @SouthStateBank, @BahiyahShabazz, @WelshKristy, @yesiamcheap and @FacingFinances.

How to Protect Yourself From Identity Theft

Experian_US

In today's complex security landscape, web applications pose a significant risk to Mid-Market and Enterprise organizations. The question is, how can an organization secure their web properties without sacrificing performance. The answer may be a Cloud-based Web Application Firewall. This webinar will introduce the concept of the CWAF, and the benefits of web application security in the cloud. Samples of topics covered include: - What is a cloud-based web application firewall - The benefits of using a CWAF - How to improve security and performance - How to implement a CWAF in complex web environments This live Q&A-based webinar is designed for development managers, large websites with unique and complex infrastructure/server environments, and anyone who is concerned about securing their web applications. Insights provided in the webinar will help you operate more secure networks, infrastructure, and web applications. You can see the video recording of this webinar at the end of the slides.

Webinar: CWAF for Mid Market/Enterprise Organizations

Sucuri

Cryptocurrency Scams | How Do You Protect Yourself?

Money 2Conf

Similar a Authentication Beyond SMS (20)

Pki & Personal Digital Certificates, The Key To Securing Sensitive Electr...

Pki & personal digital certificates, the key to securing sensitive electronic...

The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity

Trust and identity in the ecosystem

Jax london2016 cybercrime-and-the-developer

Building Trust in Blockchain: How Blockchain Will Revolutionize Businesses in...

Beyond Digital Identity

Do I Know You? Identity on the Internet and the Question of Trust

Progscon cybercrime and the developer

Identity Proofing to provision accurately

Mobile Device Tracking Seminar

Callcredit's Fraud Summit - Customer experience stream

Cybercrime and the Developer Java2Days 2016 Sofia

Credit for Renting

Pki the key to securing sensitive communications

Common Consumer Frauds and How to Avoid Them-03-14

Crypto-Currency - Strategic Review v3

How to Protect Yourself From Identity Theft

Webinar: CWAF for Mid Market/Enterprise Organizations

Cryptocurrency Scams | How Do You Protect Yourself?

Más de Kelley Robinson

Protecting your phone verification flow from fraud & abuse

Kelley Robinson

In the last year we've seen a new type of fraud become more common where fraudsters attack phone verification forms with thousands of requests. This type of attack, known as SMS pumping, causes inflated traffic to your app with the intent to make money and not to steal information. Unfortunately this means you might be hit with higher than expected bills from your telecom provider if your application isn't designed to prevent it. This talk will describe SMS pumping in more detail, including how it compares to similar attacks like IRSF and how fraudsters profit from this tactic. You'll learn strategies to prevent the attack and improve your phone verification workflow in the process, ensuring all of the benefits of phone number verification without unintended expenses.

Preventing phone verification fraud (SMS pumping)

Kelley Robinson

Auth on the web: better authentication

Kelley Robinson

Authentication is a sneaky problem - the most secure options don't usually have widespread adoption, especially among consumer applications. But what if we could fix that? Narrator: we can. WebAuthn is a somewhat new authentication standard that uses our everyday devices like phones and computers and turns them into phishing-resistant security keys. It almost sounds too good to be true. This talk will dig into how the technology works, when you can and should use it, and how to get started. We'll dig into why this isn't widely adopted yet and if or when we can expect it to be. You'll walk away with a better understanding of a new authentication channel and possibly some hope for a more secure future.

WebAuthn

Kelley Robinson

Introduction to Public Key Cryptography

Kelley Robinson

2FA in 2020 and Beyond

Kelley Robinson

Identiverse 2020 - Account Recovery with 2FA

Kelley Robinson

Designing customer account recovery in a 2FA world

Kelley Robinson

This talk will discuss the latest advancements with STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), new tech standards that use well accepted public key cryptography methods to validate caller identification. We’ll discuss the path and challenges to getting this implemented industry wide, where this tech will fall short, and what we can do to limit exposure to call spam and fraud in the meantime.

Introduction to SHAKEN/STIR

Kelley Robinson

Intro to SHAKEN/STIR

Kelley Robinson

PSD2, SCA, WTF?

Kelley Robinson

Building a Better Scala Community

Kelley Robinson

Communication @ Startups

Kelley Robinson

SIGNAL - Practical Cryptography

Kelley Robinson

2FA Best Practices

Kelley Robinson

Practical Cryptography

Kelley Robinson

2FA WTF

Kelley Robinson

Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018

Kelley Robinson

Analyzing Pwned Passwords with Spark and Scala

Kelley Robinson

Practical Cryptography

Kelley Robinson

Más de Kelley Robinson (20)

Protecting your phone verification flow from fraud & abuse

Preventing phone verification fraud (SMS pumping)

Auth on the web: better authentication

WebAuthn

Introduction to Public Key Cryptography

2FA in 2020 and Beyond

Identiverse 2020 - Account Recovery with 2FA

Designing customer account recovery in a 2FA world

Introduction to SHAKEN/STIR

Intro to SHAKEN/STIR

PSD2, SCA, WTF?

Building a Better Scala Community

Communication @ Startups

SIGNAL - Practical Cryptography

2FA Best Practices

Practical Cryptography

2FA WTF

Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018

Analyzing Pwned Passwords with Spark and Scala

Practical Cryptography

Último

data_management_and _data_science_cheat_sheet.pdf

JiananWang21

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to 25K High Profile Escorts In Pune Booking Now open +91- 8005736733 Why you Choose Us- +91- 8005736733 HOT⇄ 8005736733 Mr ashu ji Call Mr ashu Ji +91- 8005736733 (V030524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models • Foreigner Models • TV Actress and Celebrities • Receptionist • Air Hostess • Call Center Working Girls/Women • Hi-Tech Co. Girls/Women • Housewife

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...

SUHANI PANDEY

AKTU Computer Networks notes --- Unit 3.pdf

ankushspencer015

Unleashing the Power of the SORA AI lastest leap

RishantSharmaFr

KubeKraft presentation @CloudNativeHooghly

sanyuktamishra911

Design For Accessibility: Getting it right from the start

Quintin Balsdon

Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida, • IN CALL AND OUT CALL SERVICE IN DELHI NCR • 3* 5* 7* HOTELS SERVICE IN DELHI NCR • 24 HOURS AVAILABLE IN DELHI NCR • INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS • REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE • SHORT TIME AND FULL TIME SERVICE AVAILABLE • HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS • DAILY NEW ESCORTS STAFF AVAILABLE • MINIMUM TO MAXIMUM RANGE AVAILABLE. Call Girls in Delhi & Independent Escort Service – CALL GIRLS SERVICE DELHI NCR Vip call girls in Delhi Call Girls in Delhi, Call Girl Service 24×7 open Call Girls in Delhi Best Delhi Escorts in Delhi Low Rate Call Girls In Saket Delhi X~CALL GIRLS IN Ramesh Nagar Metro best Delhi call girls and Delhi escort service. CALL GIRLS SERVICE IN ALL DELHI … (Delhi) Call Girls in (Chanakyapuri) Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks. Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR. Delhi All Hotel Services available 3* 4* 5* Call Call Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide. We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi Delhi All Hotel Services available my agency SERVICES [✓✓✓] Housewife College Girl VIP Escort Independent Girl Aunty Without a Condom sucking )? Sexy Aunty.DSL (Dick Sucking Lips)? DT (Dining at the Toes English Spanking) Doggie (Sex style from no behind)?? OutCall- All Over Delhi Noida Gurgaon 24/7 FOR APPOINTMENT Call/Whatsop / 9953056974

Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

9953056974 Low Rate Call Girls In Saket, Delhi NCR

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking Escorts Service Available Whatsapp SABANA ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking

dharasingh5698

Unit 2- Effective stress & Permeability.pdf

RagavanV2

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Girls Waiting For You To Fuck Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 01-may-2024(v.n)

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...

Call Girls in Nagpur High Profile

Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Increased aeration of the soil; Stabilized soil structure; Higher and more diversified crop production; Better workability of the land; Earlier planting dates; Reduction of peak discharges by an increased temporary storage of water in the soil decomposition of organic matter; soil subsidence; reduced irrigation efficiency; increased risk of drought. excessive leaching of valuable nutrients from the soil; downstream environmental damage by salty or otherwise polluted drainage water; the presence of ditches, canals, and structures impending accessibility and interfering with other infrastructural elements of the land.

chapter 5.pptx: drainage and irrigation engineering

mulugeta48

Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Sex Service At Affordable Rate Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 01-may-2024(v.n)

Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...

Call Girls in Nagpur High Profile

Intze Overhead Water Tank Design by Working Stress - IS Method.pdf

Er. Suman Jyoti

Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For Sex At Your Doorstep Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 02-may-2024(v.n)

Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...

tanu pandey

Welcome to the April edition of WIPAC Monthly, the magazine brought to you by Water Industry Process Automation & Control. In this month's edition, along with the latest news from the industry we have articles on: The use of artificial intelligence and self-service platforms to improve water sustainability A feature article on measuring wastewater spills An article on the National Underground Asset Register Have a good month, Oliver

Water Industry Process Automation & Control Monthly - April 2024

Water Industry Process Automation & Control

Call Girl Meerut Indira Call Now: 8617697112 Meerut Escorts Booking Contact Details WhatsApp Chat: +91-8617697112 Meerut Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Meerut understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide –

(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7

Call Girls in Nagpur High Profile Call Girls

Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor Escorts Service Available Whatsapp Chaya ☎️ : [+91-7001035870] Escorts Service are always ready to make their clients happy. Their exotic looks and sexy personalities are sure to turn heads. You can enjoy with them, including massages and erotic encounters. Our area Escorts are young and sexy, so you can expect to have an exotic time with them. They are trained to satiate your naughty nerves and they can handle anything that you want. They are also intelligent, so they know how to make you feel comfortable and relaxed Independent Escorts Service They know all the sex positions and can satisfy you in any way that you desire. They can even give you erotic massages to help you relax before your session. This is essential, because a man who is stressed won’t be receptive to the pleasures of sex. They also know how to play with your sexy organs, so you’ll have plenty of foreplay and cuddling. P252024SS SERVICE ✅ ❣️ ⭐➡️HOT & SEXY MODELS // COLLEGE GIRLS HOUSE WIFE RUSSIAN , AIR HOSTES ,VIP MODELS . AVAILABLE FOR COMPLETE ENJOYMENT WITH HIGH PROFILE INDIAN MODEL AVAILABLE HOTEL & HOME ★ SAFE AND SECURE HIGH CLASS SERVICE AFFORDABLE RATE ★ SATISFACTION,UNLIMITED ENJOYMENT. ★ All Meetings are confidential and no information is provided to any one at any cost. ★ EXCLUSIVE PROFILes Are Safe and Consensual with Most Limits Respected ★ Service Available In: - HOME & HOTEL Star Hotel Service .In Call & Out call SeRvIcEs : ★ A-Level (star escort) ★ Strip-tease ★ BBBJ (Bareback Blowjob)Receive advanced sexual techniques in different mode make their life more pleasurable. ★ Spending time in hotel rooms ★ BJ (Blowjob Without a Condom) ★ Completion (Oral to completion) ★ Covered (Covered blowjob Without condom ★ANAL SERVICES.

Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor

dharasingh5698

Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking

roncy bisnoi

STEAM NOZZLES AND TURBINES Flow of steam through nozzles, shapes of nozzles, effect of friction, critical pressure ratio, supersaturated flow - impulse and reaction principles, velocity diagram, work done and efficiency – types of compounding - governors. AIR COMPRESSORS Classification - working principle - type of compressors, work of compression with and without clearance - volumetric efficiency - isothermal and isentropic efficiency of reciprocating compressors - multistage air compressor with inter cooling.

Thermal Engineering -unit - III & IV.ppt

DineshKumar4165

Authentication Beyond SMS

1. Authentication Beyond SMS Kelley Robinson | PasswordsCon 2018

3. Vertex-based Elliptic Cryptography on N-way Bojangle SpacesPasswords 🤷 Simple Complex

4. Kelley Robinson Authentication Beyond SMS

5. @kelleyrobinson ☎ 🔐👋 %

6. How common is this? @kelleyrobinson

7. 💰$5.1B💰 In 2017 @kelleyrobinson

8. @kelleyrobinson https://xkcd.com/1121/

9. @kelleyrobinson ⚓ Trust Anchors

10. ⚓ Trust Anchors @kelleyrobinson "An established point of trust from which an entity begins the validation of an authorized process" NIST Computer Security Resource Center Glossary

11. Physical Identities • Face • Voice • Fingerprints Contextual Identities • Email address • Phone number • Usernames Government Identities • Passport • Social security card (USA) • Birth certificate @kelleyrobinson

12. @kelleyrobinson Physical Identities • Trust anchor • Very trustworthy • Practically impossible to change

13. @kelleyrobinson Government Identities • Also a trust anchor? • Usually physical • Difficult to change

14. @kelleyrobinson Contextual Identities • ...also treated like a trust anchor? • Not 1:1 relationship • Easier to change

15. Why is identity veriﬁcation hard? • Imperfect systems • We may never know if we got it right

16. @kelleyrobinson 🔐 What are we going to do?

17. @kelleyrobinson

18. @kelleyrobinson No. It's not. https://www.troyhunt.com/heres-why-insert-thing-here-is-not-a-password-killer/

19. @kelleyrobinson Multi Factor Authentication • SMS / Voice • TOTP • Push • Yubikey • ...and more

20. 📱 SMS 2FA • Most popular • Easy to use and getting easier • Low barrier to entry @kelleyrobinson

21. 📱 Why is SMS for MFA "Bad"? • SS7 vulnerabilities • SIM swapping (social engineering) • Not E2E encrypted Link: The Post SS7 Future of 2FA @kelleyrobinson

22. SMS 2FA is still better than no 2FA @kelleyrobinson

23. “When we exaggerate all dangers we simply train users to ignore us. @kelleyrobinson Cormac Herley, The Rational Rejection of Security Advice by Users (2009) ”

24. U2F

25. Push @kelleyrobinson

26. TOTP (Time-based One Time Passwords) @kelleyrobinson

27. WhatsApp Or other encrypted messaging @kelleyrobinson

28. @kelleyrobinson

29. “We learned that SMS-based authentication is not nearly as secure as we would hope. ”Reddit Security Incident Disclosure - 2018-08-01 @kelleyrobinson

30. @kelleyrobinson Account value Likelihoodofbeingatarget Very Official Risk Assessment

31. @kelleyrobinson Money Information Control Power Account value* Likelihoodofbeingatarget

32. Employees* Moderators Everyone else Potential Reddit 2FA Model Required token based 2FA Required 2FA Optional 2FA *might be managed by IT, not dev

33. Balance over $250k Balance over $10k Everyone else Potential Banking 2FA Model Required token based 2FA Required 2FA Optional 2FA

34. Veriﬁed accounts Over 1,000 followers Everyone else Potential Twitter 2FA Model Required token based 2FA Required 2FA Optional 2FA

35. @kelleyrobinson ☎ Known authentication weak point: Requests via contact center

36. @kelleyrobinson https://twitter.com/patio11/status/1053205207964823552 ☎ Requests via contact center

37. @kelleyrobinson ☎ Requests via contact center

38. @kelleyrobinson 📈 Measuring effectiveness

39. @kelleyrobinson ℹ Support costs *relative to* losses ⬇ 💰 Losses due to account takeover ⬇ 😈 Number of compromised accounts ⬇ 😃 Customer satisfaction ⬆

40. @kelleyrobinson “Security people are full of morbid and detailed monologues about the pervasive catastrophes that surround us. ”James Mickens, This World of Ours

41. @kelleyrobinson Don't blame users. It's our responsibility to protect them.

42. @kelleyrobinson THANK YOU! @kelleyrobinson

Authentication Beyond SMS

Recomendados

Recomendados

Más contenido relacionado

Similar a Authentication Beyond SMS

Similar a Authentication Beyond SMS (20)

Más de Kelley Robinson

Más de Kelley Robinson (20)

Último

Último (20)

Authentication Beyond SMS