Everyone knows now that hackers don’t break in, they log in. Identity and authentication have gone from being security solutions, to a source of security problems. While the problem is clear most don’t know how this happens and what to do about it. This talk explores the most common and painful risks, attack tactics, tools like Info-stealers driving this surge in account takeover and account risks, and the wide range of options in how to tackle this gnarly problem.
We will discuss in detail – Authentication Flaws, Use of Stolen Credentials, Credential Stuffing, Naive Account Creation and Hygiene, Exfiltration of Value, Lateral Movement, Triangulation, Good Customer, Cheating Intent, and more.
For each issue we’ll dive into the threat actor’s goals, tactics and tools. We’ll use this to give an idea on how to protect and detect them with a variety of “here and now” near at hand tools and look out to the horizon of new ways to defend. We’ll discuss the balancing act between security and usability and how to navigate and find a balance between user friction and safety.
