MFA Stops Credential Theft? - Cybersecurity Mythbusters

Presented by

Patrick McBride and Jasson Casey at Beyond Identity

About this talk

Most credentials are some form of symmetric, or shared, secret (like passwords). The problem is that a shared secret must be shared and transmitted between a client and a server. Application load balancers, proxies, and content distribution networks ensure that these secrets touch the memory of many machines between the client and the server. If any of these machines were to become compromised, the shared secrets it contains are also compromised. Users can also unknowingly divulge the shared secret.

Preventing credential theft requires the realization that the movement of the credential is bad. Every time the credential moves, it increases the surface area that must be protected. If a credential never moved, it would have a surface area the size of its host computer.

Asymmetric cryptography provides the technical means of creating unmovable credentials. Create an asymmetric key pair, share the public key, don't move the private key, and sign challenges with your private key. This is a simple mechanism that chips away at the problem.

Join Beyond Identity's CMO, Patrick McBride, and CTO, Jasson Casey, as they, joined by KnowBe4's Roger Grimes, try to bust this latest myth!
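The difference the abstract describes, as an added Go example (not code from the talk or from Beyond Identity): a password crosses every intermediary, while a signed challenge exposes neither the private key nor a reusable value. `Wire`, `Respond`, `Verify`, the sample password and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Wire stands in for an intermediary's memory (load balancer, proxy, CDN).
type Wire struct{ seen []byte }

func (w *Wire) Send(msg []byte) []byte {
	w.seen = append(w.seen, msg...)
	return msg
}

func (w *Wire) Saw(v []byte) bool { return bytes.Contains(w.seen, v) }

// Random returns n fresh random bytes (a server challenge or a key seed).
func Random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewKeyPair runs on the client; only the public half is ever shared.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(Random(ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Respond runs on the client: the key signs the challenge and stays put.
func Respond(w *Wire, priv ed25519.PrivateKey, c []byte) []byte { return w.Send(ed25519.Sign(priv, c)) }

// Verify runs on the server, which holds only the public key.
func Verify(pub ed25519.PublicKey, c, sig []byte) bool { return ed25519.Verify(pub, c, sig) }

func main() {
	w := &Wire{}
	pw := w.Send([]byte("constructed-password")) // shared secret: the credential itself moves
	pub, priv := NewKeyPair()
	c := w.Send(Random(32))    // server -> client: fresh challenge
	sig := Respond(w, priv, c) // client -> server: signature only
	fmt.Println("password seen:", w.Saw(pw), "key seen:", w.Saw(priv.Seed()))
	fmt.Println("login:", Verify(pub, c, sig), "replay:", Verify(pub, Random(32), sig))
}
```

The signature the intermediary captured is bound to one challenge, so it fails verification against the next one, whereas the captured password remains valid until it is changed.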