Multi-factored Authentication (MFA) has gone mainstream, so why are we still getting phished? Come join us for a demonstration of hacking humans and authentication frameworks, explore the weaknesses and engineering failures that permit these attacks, and then focus on armoring up your identity ecosystem to create resilient, hardened interfaces designed for next-generation attacks. Passwordless, FIDO2 tokens, and biometrics are great, but without armoring the ecosystem and addressed systemic issues, you have merely shifted the problem to other attack vectors. This talk will present a roadmap to advancing your identity defenses, and a 30/60/180 day plan to drive implementation and succeed.

Learning Objectives:

• Understand and explain the human and engineering weaknesses leading to MFA bypass attacks
• Explain the material flaws in enterprise identity systems that create the opportunity for compromise
• Describe the 30/90/180 day plan for tactical and strategic improvements and strengthening of their identity ecosystem