Passwords are such a known issue in the security world that most people’s eyes glaze over when you bring up the topic. No matter how many times people roll their eyes, passwords are a problem. The fact remains that strong passwords are hard to remember, and strict company password policies and rotation bother employees. These difficulties allow for attacks such as phishing and password re-use. We all know we need another solution. There have been multiple attempts to solve the password problem, such as biometrics and password managers, but they all have their own quirks and flaws. Enter FIDO2. The FIDO2 specification aims to get rid of passwords once and for all, without sacrificing security. In this talk, we take an in-depth look at what FIDO2 offers, examine whether it solves the password problem, and discuss its security model.
Nils Amiet (Kudelski Security)
Nils is a Senior Security Engineer on Kudelski Security’s research team performing research on various topics including authentication, big data analytics, and internet scanning. He also writes blog posts on various topics for Kudelski’s research blog. Nils likes open source software and has presented his research at DEF CON and Black Hat Arsenal. He was part of creating a massively distributed system for breaking RSA public keys.