Two-Factor Auth - Demand Bidirectional

BSidesLV 2017

Presented by: Joe Kirwin
Date: Tuesday July 25, 2017
Time: 14:30 - 14:55
Location: Proving Ground

Two-factor authentication has become almost commonplace in defending against ubiquitous credential brute-forcing and has reduced the criticality of password theft.

However, there is a component of the original RFC (request-for-comment) that has been overlooked and undervalued, meaning that 2FA in its current form is not as effective at mitigating phishing and replay attacks as it could be.

This talk will demonstrate attacks against time-based and HMAC-based OTP (one-time pad) authentication, and will propose detailed countermeasures and mitigations for these attacks.
