For the last episode of season 3, I thought we'd talk about something that's been in the news quite a lot recently: Authentication and Password Managers. As security professionals, we've decried the password for decades. Multifactor authentication (MFA) has started to gain popularity... but not without its own issues. Security leaders and tech teams may have once again hoped for a silver bullet, only to be disappointed to find out that crafty attackers can easily bypass MFA. We've also been touting the benefits of Password Managers for quite a while. After all, in a world where most of us have to manage upwards of 200 passwords in a year, who can keep up? No human can have great password hygiene across all those accounts. But password managers also face their own problems as illustrated by a recent high-profile incident.
Our guest today is Roger Grimes. He has a multi-decade cybersecurity career, is the author of 13 cybersecurity books and countless articles, and is a highly sought-after industry luminary. ... Oh -- and he has opinions. Listen in as Roger and I discuss the current state of authentication, MFA, password managers, and more.
Guests:
Roger Grimes (LinkedIn) (Twitter)

Want to submit a question to have answered in a future episode?
If you’ve got a question or comment that you’d like me to try to answer or respond to, leave a voice message at https://www.speakpipe.com/8Li. Frankly, that would make it more engaging than if I just read your questions. But, if you aren’t able to record a message or don’t want your voice on the show, then you can email me your questions at [email protected]. I’d love to hear from you and answer any questions you have about my thoughts on security topics, creativity, online culture, podcasting… or anything else you have on your mind.

Books & References:

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use One, by Roger Grimes

Roger's Password Masterclass

Roger's Hacking MFA presentation

Hacking Multifactor Authentication, by Roger Grimes

Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, by Roger Grimes

Ransomware Protection Playbook, by Roger Grimes

A Data-Driven Computer Defense: A Way to Improve Any Computer Defense, by Roger Grimes

Hacking the Hacker: Learn from the Experts Who Take Down Hackers, by Roger Grimes

LastPass Security Incident, December 22, 2022

LinkedIn 2FA Hacking demo by Kevin Mitnick

The Humane Interface: New Directions for Designing Interactive Systems, by Jef Raskin

Wired Magazine Article -- The Best Password Managers to Secure Your Digital Life

Perry's new show, Digital Folklore, kicked off Jan 16. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news
Perry's Books

Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter

The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer, by Perry Carpenter & Kai Roer

Production Credits:
Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
Want to get in touch with Perry? Here's how:

LinkedIn

Twitter

Instagram

Email: perry [at] 8thLayerMedia [dot] com
