Hi [[ session.user.profile.firstName ]]

The Future of Authentication: How Two Factor Authentication is Dying

We all know that passwords do not work. For many years, ubiquitous phishing attacks, brute forcing, and credential stuffing using reused passwords has shown that organizations should not rely on passwords to authenticate users. This has pushed many organizations to race to implement two factor authentication.

Two factor authentication has become a lot cheaper and simpler to implement in recent years, but the bad guys didn't rest on their data stashes either, and implemented some effective means to attack sites protected by two factor authentication. In addition, more and more users are using mobile devices as primary means to access web applications. Mobile web applications are often difficult to use with complex passwords and two factor authentication.

Luckily, standard organizations have been working on this problem, and we now have some emerging standards that are being deployed in popular browsers. In this webcast, you will earn how these new standards like WebAuthn work, how to implement them, and what attacks they protect from.
Recorded Jun 2 2019 59 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Dr. Johannes Ullrich, SANS
Presentation preview: The Future of Authentication: How Two Factor Authentication is Dying

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Go Passwordless with Yubico and Microsoft: WebAuthn, FIDO2 and Azure AD Recorded: Jul 30 2019 53 mins
    Hormazd Romer, VP Product Marketing, Yubico and Jon Wojan,Partner Technical Architect, Microsoft
    Secure passwordless authentication is coming to a computer near you! WebAuthn, a new standard published by the W3C, along with the FIDO2 spec now make this promise a reality. Microsoft’s upcoming support for Windows 10 passwordless login via Azure Active Directory means soon hundreds of millions of users will be able to experience the convenience of passwordless login at a higher level of security than the traditional combination of password and multi-factor authentication (MFA).

    Experts from Yubico and Microsoft will provide an overview of the journey to passwordless, its key benefits, and why it is more secure than typical MFA.

    Attend this webinar to learn:

    * The roadmap to passwordless
    * Use cases and advantages of the WebAuthn and FIDO2 standards
    * How passwordless will work with Windows 10 and Azure AD
    * How to get started with passwordless authentication
  • Improving Enterprise Authentication: Taming the Password Beast Recorded: Jul 26 2019 62 mins
    John Pironti, President, IP Architects / Jerrod Chong, Chief Solutions Officer, Yubico
    Many enterprises have implemented some basic methods for managing user authentication to sensitive data, and some have even mastered the “single sign-on” problem for data access. But today’s IT environment increasingly involves a wide range of user devices and locations, including mobile equipment, cloud services, and even Internet of Things devices. In this Dark Reading webinar, top experts will discuss emerging methods for solving the authentication problem, and for building authentication strategies that go beyond the enterprise premises.

    Attend this webinar and you'll learn:

    * what essential questions you must ask yourself and your service providers, before designing an authentication strategy for your business

    * why the FIDO2 / WebAuthn standard shifts authentication paradigms and might support your identity and access management strategy

    * how to support better security and lower friction for both internal and external users

    * what to consider now if you want your authentication strategy to stand the test of time (and whether passwords should be part of the long-term plan)
  • Okta + Yubico: The Path to Passwordless Recorded: Jul 17 2019 46 mins
    Derek Hanson, VP Solutions Architecture and Alliances, Yubico and Swaroop Sham, Product Marketing, Okta
    Using WebAuthn to deliver secure and seamless authentication

    The current use of username and password authentication creates heavy support load due to helpdesk calls, resulting in lost productivity and high IT costs. While two-factor and multi-factor authentication have been demonstrated to be effective in protecting users from account takeover, the lack of global web standards has hampered widespread adoption to date.

    Web Authentication, or WebAuthn, is a new global standard introduced by the World Wide Web Consortium (W3C) and FIDO Alliance for secure authentication to web applications. WebAuthn defines a standard API that enables web applications to easily invoke strong authentication without a password via built-in support to all leading browsers and web platforms.

    With WebAuthn, users and organizations now have more flexibility and can leverage strong authentication using a combination of an external authenticator, such as a security key, and an internal platform authenticator, such as a biometric touchpad or camera on a laptop to access their web service.

    In this webinar, the speakers will cover:

    * Shortcomings of current authentication methods
    * WebAuthn background and its benefits
    * How to achieve strong, user-friendly authentication and move towards passwordless logins
  • Authentication: It's All About the User Experience Recorded: Jun 13 2019 59 mins
    Matt Bromiley,SANS Instructor & Incident Responder and Hormazd Romer, VP of Product Marketing, Yubico
    Authentication: It's All About the User Experience

    Authentication, including passwords, remains a weak link for enterprise security, despite many attempts to improve or strengthen it. Because people must authenticate themselves, effective authentication depends heavily on users, whose experience and willingness to comply often compromise security. This SANS webcast and associated new paper looks at the current state of authentication and ways to deploy a better process.

    SANS senior instructor Matt Bromiley, with insights from Yubico’s Hormazd Romer will talk about the challenges with passwords, existing authentication technologies and recent developments to improve authentication. The role of industry standards, including WebAuthn, will be addressed, along with specific recommendations to implement strong authentication. that protect the organization and provide a better experience for your users.
  • The Future of Authentication: How Two Factor Authentication is Dying Recorded: Jun 2 2019 59 mins
    Dr. Johannes Ullrich, SANS
    We all know that passwords do not work. For many years, ubiquitous phishing attacks, brute forcing, and credential stuffing using reused passwords has shown that organizations should not rely on passwords to authenticate users. This has pushed many organizations to race to implement two factor authentication.

    Two factor authentication has become a lot cheaper and simpler to implement in recent years, but the bad guys didn't rest on their data stashes either, and implemented some effective means to attack sites protected by two factor authentication. In addition, more and more users are using mobile devices as primary means to access web applications. Mobile web applications are often difficult to use with complex passwords and two factor authentication.

    Luckily, standard organizations have been working on this problem, and we now have some emerging standards that are being deployed in popular browsers. In this webcast, you will earn how these new standards like WebAuthn work, how to implement them, and what attacks they protect from.
  • Enabling GRC with Secure Authentication Across the Digital Ecosystem Recorded: May 30 2019 77 mins
    IT GRC Forum
    The days of securing a well-defined perimeter around your organization are gone. The cloud, mobile technologies, the internet of things (IoT) and diverse user groups freely exchange data across digital ecosystems, network and economies. This fluidity, however, means that organizations must secure access at multiple points throughout the organization, or risk letting in intruders seeking to hijack data.

    To manage the increasingly diverse digital landscape, IT and security managers need to move beyond usernames and passwords, and expand their use of multi-factor authentication (MFA) to help provide secure and convenient access to the critical data and systems users need. On this webinar our panel of experts will address how secure authentication can help enable GRC across the digital ecosystem, and they will share tips on:

    • Securing access at all points across applications, devices, users and environments.
    • Sharing insights across security systems to strengthen security.
    • Collecting and analyzing information to stop attacks.
    • How MFA can transform secure access—to any application, from any device, anywhere, at any time.
    • Strengthening identity assurance with privileged users.

    Moderator: Colin Whittaker, founder of Informed Risk Decisions

    Panelists: Jerrod Chong, SVP of Product at Yubico; Richard Bird, Chief Customer Information Officer at Ping Identity; Teju Shyamsundar, Senior Product Marketing Manager at Okta; and Andy Smith, Vice President of Product Marketing at Centrify.
  • Securing PKI with PrimeKey EJBCA and the YubiHSM 2 by Yubico Recorded: May 6 2019 35 mins
    Chris Job - PrimeKey, Professional Services Team Leader / Sebastian Elfors - Yubico, Solutions Architect
    Hardware security modules are table stakes when it comes to maintaining customer trust to protect against data theft and compromise. The world’s smallest hardware security module from Yubico, the YubiHSM 2, is now compatible with EJBCA for a range of public key infrastructure (PKI) use cases. PrimeKey and Yubico offer open source software and tools for implementing PKI based on PrimeKey’s EJBCA and the YubiHSM 2.

    Join Yubico Solutions Architect Sebastian Elfors,and PrimeKey Professional Services Team Leader Chris Job, for a technical webinar on how to secure your most critical data with PrimeKey EJBCA and the YubiHSM 2.

    This session will include:

    * An introduction to securing PKI with a hardware security module
    * Primary setup of the YubiHSM 2
    * Deploying YubiHSM 2 with PrimeKey’s EJBCA
    * Configuring the YubiHSM PKCS #11 library
    * Configuring EJBCA for use with YubiHSM 2
    * Adding and activating YubiHSM 2 Crypto Token in EJBCA AdminWeb
    * And more

    It is highly recommended that attendees read the EJBCA with YubiHSM 2 Usage Guide prior to attending this session in order to get a good baseline understanding.

    The usage guide is available here: https://developers.yubico.com/YubiHSM2/Usage_Guides/EJBCA_with_YubiHSM2.html
  • Enabling Digital Transformation: Best Practices for Authentication Recorded: Mar 13 2019 45 mins
    Abby Guha, Sr. Director, Product Marketing, Yubico
    The digital transformation of financial services is placing new demands on organizations looking to balance ease-of-use with security and stringent compliance regulations. How should financial services organizations provide secure access to customer information, account details, and other sensitive information without all the complexity?

    Most systems and applications require passwords and some may even have text based mobile authentication, but is that enough? How can organizations take advantage of new models for user authentication that offer opportunities to deliver ease of use while adhering to stringent security requirements.


    Attend this webinar to learn:

    - Risky password practices being used in workplaces
    - Best practices for enterprise authentication
    - How to mitigate risk with multi-factor authentication
    - Use cases for providing strong authentication to your employees and customers
  • 2019 State of Password and Authentication Security Behaviors Recorded: Feb 20 2019 59 mins
    Dr. Larry Ponemon, Ph.D., Chairman and Founder, Ponemon Institute and Abby Guha, Sr. Director Product Marketing, Yubico
    Despite the worsening state of online security, are we becoming more security-minded, and better yet, are we following best practices?

    The Ponemon Institute recently surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France regarding password management and authentication practices for individuals both in the workplace and at home.

    What percentage of phishing attack victims changed their password behaviors?
    How many respondents admit to reusing passwords?

    The answers to these questions may surprise you.

    Attend this webinar to hear about the survey results and learn:

    * How privacy and security concerns affect password behaviors
    * Risky password practices in the workplace
    * What authentication technologies are being used
    * The cost of lost productivity associated with password management
    * Best practices for enterprise authentication
  • World's Smallest HSM Secures Modern Infrastructures: YubiHSM 2 Open Source SDK Recorded: Dec 5 2018 35 mins
    Abby Guha, Senior Director Product Marketing (Yubico)
    Security breaches are a growing industry wide problem that in 2018 cost companies an average of $3.8 million per breach. Software storage of cryptographic keys for servers is increasingly vulnerable as attacks become more sophisticated.

    Traditionally, organizations have used Hardware Security Modules (HSMs) that were costly and complex to set up. However, with the YubiHSM 2, organizations of all sizes can enable effective security for cryptographic keys, across the entire lifecycle, in a portable and affordable hardware form factor. And with the new open source SDK, developers can build in hardware based strong security for cryptographic keys across a wider range of platforms and services than ever before.

    Attend this webinar to learn more.
  • The State of Identity and Security in the Age of Cyber Attacks Recorded: Nov 13 2018 48 mins
    Sushila Nair (NTT DATA Services) | Derek Hanson (Yubico) | Ian Spanswick & Rebekah Moody(ThreatMetrix Inc LexisNexis Risk Co)
    Cyber attackers are becoming more sophisticated and data breaches are on the rise. According to a recent report, over 4.6 billion records were breached in the first half of 2018, showing a 133% increase compared to last year.

    With sensitive, personal and confidential data being at risk of ending up in the hands of cyber criminals, enterprises of all sizes are looking to strengthen their security in 2019.

    Join this exclusive keynote panel of industry experts as they discuss:
    - Trends in cyber attacks and breaches
    - Who is at risk
    - How to prevent breaches, data theft and future cyber crime
    - Advances in authentication
    - New in identity and access management
    - Security awareness and training
    - Best practices for securing the enterprise

    Speakers:
    - Sushila Nair, Sr. Director Security Portfolio, NTT DATA Services
    - Derek Hanson, Sr. Director Solutions Architecture & Standards, Yubico
    -Rebekah Moody, Fraud & Identity Director, ThreatMetrix
    -Ian Spanswick, VP Professional Services EMEA,ThreatMetrix
  • Who Is A Privileged User, Really? You May Be Surprised by the Answer Recorded: Oct 24 2018 38 mins
    David Treece, Sr. Solutions Architect, Yubico, Bassam Al-Khalidi, Co-CEO and Principal Consultant, Axiad IDS
    Allowing employees to use their own devices, and consequently moving enterprise assets to the cloud, can certainly improve productivity, but also puts the organization at risk for additional security threats. According to Gartner, more than 50% of organizations are unable to extend incumbent authentication methods to safely enable access for an increasingly mobile workforce.

    The way forward? Start by understanding that the IT Team is not your only high security risk. Organizations need ID assurance for every person and every system that puts the enterprise at risk. Until now, achieving this was too complex.

    Enterprises can now cost-effectively and easily extend their current authentication solutions. This all starts with accurately establishing the appropriate privilege level by identifying and defining who or what is actually “privileged”, based on access to sensitive information or privileged data. In this webinar, Yubico and Axiad IDS will discuss:

    - Why identifying privileged users is at the root of data breach prevention and what it takes to extend strong authentication across the enterprise
    - How enterprises can securely and efficiently manage the lifecycle of their devices and credentials, while saving on deployment and IT operational costs
    - The key benefits of enabling hardware-backed two-factor authentication to address the demands of an expanding digital workplace
  • Meet the YubiKey 5 Series Recorded: Oct 2 2018 21 mins
    Alex Yakubov, Sr. Director Ecosystem
    Join us for a session on the new YubiKey 5 Series and learn about the new features and benefits of our latest product line. We'll cover the difference between the YubiKey 5 Series with the YubiKey 4 Series and YubiKey NEO, as well as introduce the use cases and concepts of going passwordless.
  • Making sense of Blockchain and Authentication Recorded: Sep 19 2018 46 mins
    Ali Yahya, Partner, A116Z, Stina Ehrensvard - CEO/Founder, Alex Yakubov, Sr. Director of Ecosystem, at Yubico
    You solve security challenges in the realm of authentication and identity—and now the new buzz word “blockchain” is popping up everywhere. Join Yubico founder Stina Ehrensvard and a16zcrypto Partner Ali Yahya for a session on blockchain and authentication technologies. We’ll help you make sense of these technologies, and how they fit together in the security and identity management landscape.
  • Technical Overview: FIDO2 WebAuthn Server Validation Recorded: Jun 28 2018 75 mins
    Emil Lundberg, Luke Walker
    Watch this webinar for a technical overview of WebAuthn for Relying Parties. This session is led by Emil Lundberg, a key contributor and one of the nine editors of the W3C WebAuthn specification.

    Join us for a deep dive of how to integrate WebAuthn relying party operations into an authentication server.


    Key topics include:
    - FIDO Authentication, CTAP, and WebAuthn
    - Getting started with java-webauthn-server
    - Application structure
    - Data storage
    - Registering credentials
    - Authenticating credentials
    - Best Practices

    This webinar is intended for software engineers, developers, software architects, and product managers, though it is open to anyone interested on the topic.
  • Technical Overview: FIDO2 WebAuthn Data Flows, Attestation, and Passwordless Recorded: Jun 21 2018 32 mins
    Emil Lundberg, Luke Walker
    Watch this webinar for a technical overview of WebAuthn for web applications. This session is led by Emil Lundberg, a key contributor and one of the nine editors of the W3C WebAuthn specification.

    Join us for a deep dive into the core concepts required to integrate WebAuthn into your web application, including what happens behind the scenes during registration and authentication.

    Key topics include:
    - FIDO Authentication, CTAP, and WebAuthn
    - Registration Walkthrough
    - What is Attestation?
    - Resident Keys
    - Second-Factor Authentication
    - Password-less Authentication

    This webinar is intended for software engineers, developers, software architects, and product managers, though it is open to anyone interested on the topic.
  • FIDO2 Authentication Demystified Recorded: Jun 13 2018 25 mins
    Derek Hanson, Luke Walker
    Watch this webinar to learn what FIDO2 Authentication is, and how to architect FIDO2 Authentication within applications. This session is led by Derek Hanson, Yubico Senior Director of Solutions Architecture and Standards.

    Key topics include:
    - What is FIDO2
    - Passwordless Login Demystified
    - Making sense of FIDO2, WebAuthn, CTAP and U2F

    This webinar is intended for Product managers and developers, though it is open to anyone interested.
  • GDPR: Achieving Compliance and Secure Authentication with 2FA & Customer IAM Recorded: May 22 2018 31 mins
    Alex Yakubov (Yubico), Jesper Johansson (Yubico), Baber Amin (Ping Identity)
    The General Data Protection Regulation (GDPR) comes into effect May 25, 2018, and it impacts organizations throughout the world who sell, market to, and even collect any personal data of EU citizens. It has far reaching operational and IT impacts. Critical to GDPR compliance are security, data-access governance, and transparency in the collection and use of personal data for EU citizens, including use-based consent, self-service personal data management, and data encryption in every state (at rest, in motion, in use).

    As organizations look for efficient ways to check the compliance boxes, article by article, it is important to note that compliance is only a step towards strengthening your engagement with customers and preserving their data privacy.

    One of the key components for GDPR compliance is the need for strong authentication and identity management. Join this webinar to learn about the Secure Authentication requirements of GDPR, how to meet those requirements, and strengthen security at the same time.

    In this webinar, Yubico and Ping Identity will discuss:
    ● How Customer Identity and Access Management (Customer IAM) solutions provide key capabilities that help meet GDPR requirements ‘out of the box’
    ● Architectural best practices of Customer IAM that make compliance more cost effective and efficient
    ● How organizations can turn the GDPR compliance challenge into an opportunity by providing a single, unified view of the customer, building trust, and enabling secure, seamless and personalized customer engagement

    Moderator:
    Alex Yakubov, Senior Director - Ecosystem (Yubico)

    Speakers:
    Jesper Johansson, Chief Security Architect (Yubico)
    Baber Amin, Market Leader, Cloud Security Services (Ping Identity)
  • The #1 Cybersecurity Concern for the Boardroom Recorded: Apr 24 2018 27 mins
    Paula Skokowski, Yubico CMO
    The connection between cybersecurity and a company’s bottom line is increasingly becoming clear to all stakeholders in an organization, not the least of which is the boardroom. Cybersecurity has quickly risen in importance as an agenda item in most boardroom planning discussions and is now perceived and treated as a critical and strategic consideration.

    The key risks mapped to cybersecurity fears range from brand damage, breach costs, and loss of competitive advantage through corporate espionage. Join this webinar to cut through the noise and uncover the #1 cybersecurity risk board members should take action on that will have the biggest impact on their organization.
  • Uber Data Breach: Impact and Lessons for CISO's Recorded: Nov 30 2017 60 mins
    Alex Holden (Hold Security) | Jesper Johansson (Yubico) | Nathan Wenzler (AsTech)
    Uber recently disclosed a massive data breach in which the personal information of 57 million Uber customers and drivers were stolen by hackers in October 2016. What are some of the lessons we can draw from this latest breach?

    Join this interactive panel of experts as they review:
    - What is the impact of this breach?
    - What should Uber users do in response to this breach?
    - What are the most common reasons for breaches?
    - What should organizations be doing to better tighten their security?

    Speakers:
    - Alex Holden, CISO of Hold Security
    - Jesper Johansson, Chief Security Architect, Yubico
    - Nathan Wenzler, Chief Security Strategist, AsTech Consulting
Your Key to a Safer Internet
Yubico was founded in 2007 with the mission to make secure login easy and available for everyone. In close collaboration with leading internet companies and thought leaders, Yubico co-created the FIDO U2F and FIDO2/WebAuthn open authentication standards, which have been adopted in major online platforms and browsers, enabling two-factor, multi-factor, and passwordless login and a safer internet for billions of people.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Future of Authentication: How Two Factor Authentication is Dying
  • Live at: Jun 2 2019 2:30 pm
  • Presented by: Dr. Johannes Ullrich, SANS
  • From:
Your email has been sent.
or close