Wednesday, January 25 • 3:00pm - 3:50pm
"Stealth" Authentication - how to not leak information to hackers in web application authentication

Web application authentication systems often unnecessarily leak valuable information to hackers and thus enable user enumeration, denial of service and attacks on authentication factors.

The talk shows where information is leaked and how this can be prevented. Further, a simple and effective way of preventing denial of service attacks based on account locking is shown.

Giving real-world examples, the term "side-channel-safe" second factor is introduced and it is shown how this property influences the security of the overall authentication scheme.

The talk closes with usability considerations and the features a well-designed "stealth authentication system" should provide.

Marc Bütikofer

Director Innovation, Ergon Informatik AG
Marc Buetikofer serves as Director Innovation and CTO for Airlock, a leading Swiss web application security suite provided by the company Ergon Informatik AG in Zurich. After joining Ergon Informatik in 2000 he provided numerous security engineering projects with his expertise before...

Wednesday January 25, 2017 3:00pm - 3:50pm PST
Terrace Lounge