Passwords are such a known issue in the security world that most people’s eyes glaze over when you bring up the topic. No matter how many times people roll their eyes, passwords are a problem. The fact remains, strong passwords are hard to remember, and strict company password policies and rotation bother employees. These difficulties allow for attacks such as phishing attacks and password re-use. We all know we need another solution. There have been multiple attempts to solve the password problem, such as biometrics and password managers, but they all have their own quirks and flaws. Enter FIDO2. The FIDO2 specification aims to get rid of passwords once and for all, without sacrificing security. In this talk, we have an in-depth look at what FIDO2 offers, whether it solves the password problem and discuss its security model.
Speaker
Nils Amiet (Kudelski Security)