Patrick McBride and Jasson Casey at Beyond Identity
About this talk
Most credentials are some form of symmetric, or shared, secret (such as passwords). The problem is that a shared secret must be shared and transmitted between a client and a server. Application load balancers, proxies, and content distribution networks mean that these secrets touch the memory of many machines between the client and the server.
If any of these machines is compromised, the shared secrets it contains are compromised too. Users can also unknowingly divulge the shared secret.
Preventing credential theft starts with recognizing that moving the credential is the problem. Every time the credential moves, the surface area that must be protected grows.
If a credential never moved, it would have a surface area the size of its host computer.
Asymmetric cryptography provides the technical means of creating unmovable credentials. Create an asymmetric key pair, share the public key, don’t move the private key, and sign challenges with your private key. This is a simple mechanism that chips away at the problem.
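The exchange described above, as an added example (not code from the talk or from Beyond Identity): a device generates an Ed25519 key pair, enrolls only the public key, and signs a fresh random challenge at each login. The function names, the in-memory server and the single-use challenge handling are assumptions made for illustration.

```javascript
// Added example: challenge-response login where the private key never moves.
// All names here (createClient, createServer, loginAndCapture) are hypothetical.
const crypto = require('node:crypto');

// Client: the key pair is generated on the device; only the public key is exported.
function createClient() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Signs a server challenge; the private key stays inside this closure.
    sign: (challenge) => crypto.sign(null, challenge, privateKey),
  };
}

// Server: stores public keys only and tracks one outstanding challenge per user.
function createServer() {
  const enrolled = new Map(); // user -> public key (PEM)
  const pending = new Map();  // user -> challenge awaiting a signature
  return {
    enroll: (user, publicKeyPem) => enrolled.set(user, publicKeyPem),
    issueChallenge(user) {
      const challenge = crypto.randomBytes(32); // fresh nonce for every login
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, signature) {
      const challenge = pending.get(user);
      const pem = enrolled.get(user);
      pending.delete(user); // a challenge is valid for one attempt only
      if (!challenge || !pem) return false;
      return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
    },
  };
}

// Runs one login and returns everything an on-path proxy or load balancer
// would hold in memory: the challenge and the signature, never the private key.
function loginAndCapture(server, client, user) {
  const challenge = server.issueChallenge(user);
  const signature = client.sign(challenge);
  return { ok: server.verify(user, signature), wire: { challenge, signature } };
}
```

A signature captured in transit is bound to one challenge, so replaying it against the next challenge fails verification, unlike a captured password.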
Join Beyond Identity's CMO, Patrick McBride, and CTO, Jasson Casey, as they, joined by KnowBe4's Roger Grimes, try to bust this latest myth!