On February 18th, OWASP Göteborg will host an event on authentication. We are very happy to welcome Per Thorsheim, founder of the Passwords conference, and Klas Lindfors from Yubico. They will tell us about the state of passwords and how two-factor authentication can help us stay more secure. Magnus Almgren from Chalmers will also share some information about RAID2014, which will be held in Göteborg this fall. In other words, it looks to be an enlightening evening, as usual!
We are grateful to our sponsor for the evening, Ajilon Consultants AB, for food, drink, venue and enabling us to import speakers from foreign countries (Norway, that is).
This event will be held in English!
17:30 Event starts with a light snack and drink. A word from our sponsor Ajilon Consultants.
18:00 Community update
18:10 Klas Lindfors / Yubico - OTP and U2F
19:00 Short break
19:10 Per Thorsheim / Stricture Consulting Group, God Praksis AS - (Almost) everything about passwords that OWASP won't teach you
20:00 Beer, snacks and some serious security live chat
Approx. 21:00 Event ends
Speaker bios and abstracts
One-time passwords are being deployed by larger websites including Google, Facebook, GitHub, LinkedIn, etc., but they have their ups and downs. What type of OTP should you use: the YubiKey OTP, OATH HOTP, or OATH TOTP? How would you validate the OTP: by building your own server and protecting the secrets, or by relying on a cloud service like Yubico's YubiCloud or VeriSign VIP? The talk will also cover the future of two-factor authentication with the FIDO Universal 2nd Factor (U2F) protocol.
Klas Lindfors is a software developer at Yubico, working with one time passwords at all layers: firmware, personalization & validation.
OWASP has some wonderful guidelines on sending, storing and resetting passwords. However, there are still challenges that cannot be addressed through technical measures; they need to be addressed by humans, and not just developers. Through color & font selections, association elements, password managers, human pattern analysis and more, this talk will discuss what we are still doing wrong, the risks associated with bad passwords, and give some advice on what we need to do in order to improve our online security.
Per Thorsheim is the founder & main organizer of the Passwords conferences (PasswordsCon.org), a conference fully dedicated to passwords & PINs. He's been working, examining, playing, dreaming and discussing passwords for more than 14 years, and is still going strong. He publicly disclosed the hacking of LinkedIn in June 2012, and has been interviewed and quoted around the world on his excessive interest in passwords. During daytime he tries to solve challenges for his customers through security awareness training & security advisory services. Some say he's good at explaining advanced topics to regular humans. He is certified CISA, CISM and CISSP-ISSAP.
When & Where
The local Göteborg chapter of the Open Web Application Security Project (OWASP)
Becoming a member is easy and free - you only need to join the mailing list.