Battered Phish: Defending Authentication from Phishing Attacks

Jamie Wallace
One email or text, one user tricked, and game over… Attacks against login credentials continue to be the Achilles' heel of the systems we defend. Whether they target individuals for their bitcoin wallets, workforce users to gain access to the enterprise, or political operatives to influence elections, attackers continue to run this play because it's easy and successful. Why does phishing for passwords and one-time passcodes (OTPs) work so often? Who causes this to happen? How do we change the game and help eliminate this long-running attack vector? This talk explores various strategies and technologies to make authentication much more resistant to phishing attacks. It will focus on the user, challenge conventional thinking, and outline adoption strategies. Technologies explored will include the FIDO standard, security keys, Windows Hello, and mobile authentication, including ZenKey.