NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY!

NowSecure Connect — THE mobile AppSec + AppDev community online event — returns with new content and the latest training. Join the world’s brightest innovators, practitioners, community leaders, and industry influencers LIVE online for in-depth training, discussions, strategy sessions, CTF and more. Gain access to keynotes, exclusive breakouts, expert panels, on-demand sessions, plus an interactive peer-to-peer community. #NSConnect22 is your source for cutting-edge mobile AppDev, mobile AppSec and mobile DevSecOps insight. Register your crew today!

NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY! NOWSECURE CONNECT 2022 CONFERENCE - REGISTER TODAY! Show More
magnifying glass icon

Stronger Identity Protection via Mobile Devices – Passwords13

At this year’s PasswordsCon, viaForensics Mobile Researcher David Weinsten presented “Stronger Identity Protection via Mobile Devices”. The presentation was made on July 30, 2013. The presentation’s abstract:

In this talk we will show how a mobile phone can promote password security by relieving users from the need to type in long and complex passwords. The need for stronger passwords and multi-factor authentication in today’s digital environment is widely recognized. There are even special hardware devices offered on the market to facilitate stronger authentication: “password typing” tokens, tokens designed to act as a second authentication factor, etc. Such solutions are often limited, e.g., they can “type” only one password, limited to certain systems, or require significant backend integration effort from software developers. In this talk we will re-visit the idea of using mobile phones in a multi-factor authentication. Unlike previous approaches, we won’t limit ourselves with sending codes over SMS or OTP generation on the device. Instead, we will turn an Android phone into a “password typing” device that acts similarly to YubiKey(R) but is not constrained to a single password. We will also show how on-device password managers can be integrated with this feature to provide a very convenient and familiar UX.