It’s hard to believe it’s the 20th anniversary of Cyber Security Awareness Month. Per usual, the media is saturated with best practices on how to stop the barrage of cyberattacks that have only increased – year after year.
However, when it comes to attacks, the only stat you should be intimately familiar with is this one: over 80% of attacks occur at the credential level. So, if you did nothing else but protect that area of your enterprise, you’d be a lot more secure.
Queue music for the best conference to attend to achieve this goal. Besides the idyllic location of this year’s Authenticate, the case study content will give you practical advice on how to best protect all your users (remote and 3rd party) as well as applications – all without passwords. Unlike the larger cyber security shows, Authenticate’s smaller audience allows you to ask security experts questions after their presentations and spend quality time at all the vendor booths for the latest innovation offerings. After attending last year’s event in Seattle, I’m even more excited to see if this one can live up to everyone’s expectations.
Here are a few presentations I’m excited to see.
- SMS-based 2FA: A Short-term Win, Long-term Burden
- By Abhinav Lele | Staff Security Engineer, Shopify Inc.
- Connect the Dots: FIDO Adoption on US Government Mobile Devices
- By Kenneth Myers | Director IAM, U.S. General Services Administration
- Ins & OUTs of Social Authentication at Pinterest
- By Euccas Chen | Senior Software Engineer, Pinterest
- Learnings and wishes from deploying FIDO for enterprise employees
- By Kang Wang | Staff Security Engineer, Alibaba Group
Check out SecureAuth Booth #113
And while you are enjoying the great content, be sure to visit the SecureAuth booth (#113) for a demo of our next-generation passwordless continuous authentication solution, Arculix. Our patented approach to authentication is truly game-changing and it’s worth the time to see it for yourself. You can also schedule a meeting with us in advance.
Passkeys: Hype v Reality
If you look at the Authenticate agenda, you’ll see most of the content relates to the saving graces of passkeys. While we understand the importance of passkeys as a more secure alternative to passwords – especially in CIAM use cases – they don’t solve all issues related to authentication security.
SecureAuth supports a variety of phishing resistant methods of MFA, with passkeys being just one of those options. However, we want to caution security and IT professionals that passkeys aren’t fail-proof. Passkeys can be hacked, and they only provide a binary approach to authentication. Meaning they don’t offer a continuous authentication approach with an AI/ML based risk-engine, throughout the user journey (including post authorization) that is required to thwart hackers in their relentless search to find vulnerabilities in your enterprise.
We look forward to seeing you in Carlsbad.