Season 3 finale: What's the deal with Authentication, MFA, and Password Managers?
For the last episode of season 3, I thought we'd talk about something that's been in the news quite a lot recently: Authentication and Password Managers. As security professionals, we've decried the password for decades. Multifactor authentication (MFA) has started to gain popularity... but not without its own issues. Security leaders and tech teams may have once again hoped for a silver bullet, only to be disappointed to find out that crafty attackers can easily bypass MFA. We've also been touting the benefits of Password Managers for quite a while. After all, in a world where most of us have to manage upwards of 200 passwords in a year, who can keep up? No human can have great password hygiene across all those accounts. But password managers also face their own problems as illustrated by a recent high-profile incident.
Our guest today is Roger Grimes. He has a multi-decade cybersecurity career and is the author of 13 cybersecurity books, countless articles, and is a highly sought-after industry luminary. ... Oh -- and he has opinions. Listen in as Roger and I discuss the current state of authentication, MFA, password managers, and more.
Want to submit a question to have answered in a future episode?
If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li. Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at perry@8thLayerMedia.com. I’d love to hear from you and answer any questions you have about my thoughts on security topics, creativity, online culture, podcasting… or anything else you have on your mind.
Books & References:
- Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use One, by Roger Grimes
- Roger's Password Masterclass
- Roger's Hacking MFA presentation
- Hacking Multifactor Authentication, by Roger Grimes
- Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, by Roger Grimes
- Ransomware Protection Playbook, by Roger Grimes
- A Data-Driven Computer Defense: A Way to Improve Any Computer Defense, by Roger Grimes
- Hacking the Hacker: Learn from the Experts Who Take Down Hackers, by Roger Grimes
- LastPass Security Incident, December 22, 2022
- LinkedIn 2FA Hacking demo by Kevin Mitnick
- The Humane Interface: New Directions for Designing Interactive Systems, by Jef Raskin
- Wired Magazine Article -- The Best Password Managers to Secure Your Digital Life
Perry's new show, Digital Folklore kicked-off Jan 16. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news
- Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
- The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/