Breaking FIDO: Are Exploits in There?

Black Hat USA 2016

Presented by: Jerrod Chong
Date: Thursday August 04, 2016
Time: 14:30 - 14:55
Location: South Seas GH

The state of authentication is in such disarray today that a black hat is no longer needed to wreak havoc. One avenue to authentication improvement is offered by the FIDO Alliance's open specifications built around public key cryptography. Does FIDO present a better mousetrap? Are there security soft spots for potential exploitation, such as man-in-the-middle attacks, exploits aimed at supporting architecture, or compromises targeting physical hardware? We will pinpoint where vulnerabilities are hidden in FIDO deployments, how difficult they are to exploit, and how enterprises and organizations can protect themselves.

Jerrod Chong

Jerrod Chong is head of solutions at Yubico, where he helps organizations everywhere use YubiKeys. With over 15 years in the security industry, Jerrod is passionate about making strong authentication secure, simple, and scalable. If he's not convincing you that hardware-backed keys are cool, he is looking for good coffee.

