The Future is Now: How Authentication Standards are Changing

with Johannes Ullrich from SANS

Tuesday, January 19
Noon ET
Presentation Slides


We all know that passwords don’t work, and two-factor authentication is inconvenient for users. So how do we authenticate users securely, with low friction across various platforms?

Luckily, emerging standards are attempting to solve this problem. One of the prominent solutions currently being implemented, FIDO2, tries to take advantage of ubiquitous biometric sensors and leveraging them to authenticate users to standards-based web applications. The standard provides APIs to leverage existing biometric sensors or cryptographic keys to authenticate users while at the same time taking increasing privacy concerns into account.

In this presentation, you will learn the basic protocols used in these authentication schemes, how to implement this type of authentication, and what options you have to make the experience enjoyable and straightforward for your users. In particular, this will take into account mobile web applications that have been difficult to secure with strong passwords and legacy two-factor authentication systems.

Speaker: Johannes Ullrich, Dean of Research, SANS Technology Institute

Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. In 2000, he founded DShield.org, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.

Access Techburst

The Techbust Zoom link will be posted here 15 minutes prior to the start of the presentation. This session is open to the public, as well as designated representatives of REN-ISAC member institutions. Information is classified TLP:WHITE (REN-ISAC:PUBLIC).

Can’t make the Techburst? This session will be recorded and made available on this page in the week following the presentation. Check back here for the recording.