12
Fear and Loathing of 2fa Igor Bulatenko

Fear and Loathing of 2fa

Embed Size (px)

Citation preview

Page 1: Fear and Loathing of 2fa

Fear and Loathing of 2fa

Igor Bulatenko

Page 2: Fear and Loathing of 2fa

• Social engineering

• Online-bruteforce

• Server compromise

• Client compromise

How they steal your pass

Page 3: Fear and Loathing of 2fa

• https://twofactorauth.org/providers/ (Use web.archive.org)

• Auth methods

• Flexibility

• System cover

• API (auth + admin)

How to choose

https://twofactorauth.org/providers/
https://twofactorauth.org/providers/
https://twofactorauth.org/providers/
Page 4: Fear and Loathing of 2fa

• Interactive• SMS code• Token code• Phone call code• App code

• Non-interactive• Mobile app push• Phone call confirmation

Auth methods

Page 5: Fear and Loathing of 2fa

• *nix

• Windows

• Databases

• Web apps

• All others

System coverage

Page 6: Fear and Loathing of 2fa

• Native 2fa since OpenSSH 6.2 (https://lwn.net/Articles/544640/)

• Password/keyboard interactive

• Force command

• Non native support via pam_radius

• Bulk actions

• Server-level switch

*nix auth

https://lwn.net/Articles/544640/
https://lwn.net/Articles/544640/
Page 7: Fear and Loathing of 2fa

• Authentication provider

• Protected methods (local/RDP/winrm/…)

• Server-level switch

Windows

Page 8: Fear and Loathing of 2fa

• Oracle DB• Radius auth• DB Links• IDE multiple sessions• Bulk actions• User-level switch

• Postgresql• pam_auth

Databases

Page 9: Fear and Loathing of 2fa

• LDAP/Radius

• Interactive/non-interactive

• Splitter in password

Auth proxy

Page 10: Fear and Loathing of 2fa

• Non android/iOS devices

• Non smartphone devices

• Bulk actions

Common cases

Page 11: Fear and Loathing of 2fa

• RSA SecureID like

• HOTP

• Yubikey

Tokens

Page 12: Fear and Loathing of 2fa

Q&A


FEAR AND LOATHING IN AMERICA’S “HAPPIEST PLACE” A

FEAR AND LOATHING IN AMERICA’S “HAPPIEST PLACE” A

Documents
Fear and Loathing – The Rhetoric of Fear Inducing Terrorism · 14-09-2010  · Fear and Loathing: The Rhetoric of Fear-Inducing Terrorism Paul K. Peterson, Emeritus Professor of

Fear and Loathing – The Rhetoric of Fear Inducing Terrorism · 14-09-2010  · Fear and Loathing: The Rhetoric of Fear-Inducing Terrorism Paul K. Peterson, Emeritus Professor of

Documents
Fear and Loathing in Legal Academia: Legal Academics

Fear and Loathing in Legal Academia: Legal Academics

Documents
FEAR AND LOATHING IN THE AIR: COMBAT FEAR AND STRESS … › dtic › tr › fulltext › u2 › a477017.pdf · 2011-05-14 · Fear and Loathing in the Air: Combat Fear and Stress

FEAR AND LOATHING IN THE AIR: COMBAT FEAR AND STRESS … › dtic › tr › fulltext › u2 › a477017.pdf · 2011-05-14 · Fear and Loathing in the Air: Combat Fear and Stress

Documents
Fear and Loathing

Fear and Loathing

Documents
Fear and Loathing in the Media Transfer Protocol

Fear and Loathing in the Media Transfer Protocol

Documents
A Fear and Loathing of Detente: Perspectives on Criticisms

A Fear and Loathing of Detente: Perspectives on Criticisms

Documents
Fear and Loathing on the Campaign Trail: The Role of ...Fear and Loathing on the Campaign Trail: The Role of Terrorist Threat in Russian Election Campaigns ... what role do fear and

Fear and Loathing on the Campaign Trail: The Role of ...Fear and Loathing on the Campaign Trail: The Role of Terrorist Threat in Russian Election Campaigns ... what role do fear and

Documents
Fear and Loathing: Combating Speculation in Local Communities

Fear and Loathing: Combating Speculation in Local Communities

Documents
CCC 2015 Fear and Self-loathing in IT

CCC 2015 Fear and Self-loathing in IT

Technology
Expert Witness Testimony: Fear and Loathing or Fun and Games?

Expert Witness Testimony: Fear and Loathing or Fun and Games?

Documents
Fear and Loathing in Social Media

Fear and Loathing in Social Media

Business
Fear and Loathing in Populist Campaigns? Comparing the … · Fear and loathing in populist campaigns? ... social norms and taking pleasure in displaying “bad manners” (Moffitt

Fear and Loathing in Populist Campaigns? Comparing the … · Fear and loathing in populist campaigns? ... social norms and taking pleasure in displaying “bad manners” (Moffitt

Documents
Fear and Loathing across Party Lines: New Evidence on ...seanjwestwood/papers/partisanAffectAPSA.pdf · Fear and Loathing across Party Lines: New Evidence on Group Polarization Shanto

Fear and Loathing across Party Lines: New Evidence on ...seanjwestwood/papers/partisanAffectAPSA.pdf · Fear and Loathing across Party Lines: New Evidence on Group Polarization Shanto

Documents
That conference 2015 fear and self-loathing in it

That conference 2015 fear and self-loathing in it

Software
Fear and Loathing Excerpt for EW

Fear and Loathing Excerpt for EW

Documents
Fear and Loathing in 2010 :

Fear and Loathing in 2010 :

Documents
Fear and Loathing in Community Wireless Networks

Fear and Loathing in Community Wireless Networks

Documents
Fear & Loathing in Las Vegas - Boards

Fear & Loathing in Las Vegas - Boards

Art & Photos
Fear and Loathing in Downtown Annapolis

Fear and Loathing in Downtown Annapolis

Documents
Fear, loathing and lies in Rakhine state

Fear, loathing and lies in Rakhine state

Documents
Fear and loathing in Las Inbox

Fear and loathing in Las Inbox

Technology
Fear And Loathing In Perpetuities

Fear And Loathing In Perpetuities

Documents
Fear and loathing data monetization final

Fear and loathing data monetization final

Healthcare
Fear and loathing with APL (oredev)

Fear and loathing with APL (oredev)

Technology
2010 ESRC Festival Fear and Loathing in Sheffield: Public .../file/Festival-of... · Fear and Loathing in Sheffield: Public Fear in an Saturday, 12th March 2010 Urban Landscape

2010 ESRC Festival Fear and Loathing in Sheffield: Public .../file/Festival-of... · Fear and Loathing in Sheffield: Public Fear in an Saturday, 12th March 2010 Urban Landscape

Documents
Fear and Loathing in Political Campaign Advertisements

Fear and Loathing in Political Campaign Advertisements

Documents
Fear & Loathing in Analytics

Fear & Loathing in Analytics

Technology
Fear and Loathing at PhoneGap

Fear and Loathing at PhoneGap

Technology
Fear and Loathing in Agility: Long Live the Accounting Department

Fear and Loathing in Agility: Long Live the Accounting Department

Technology