Security Meetup: Protect Your User Accounts Like It’s 2019

February 06, 2019 6:00 am - 8:00 am
SBA
Favoritenstraße 16
1040 Vienna
Austria

The media are full of news regarding breached user accounts and passwords. Also, applications, even new ones, are rarely well protected against password-guessing attacks.

Questions you might ask yourself:

  • What can we do about that?
  • Shall we lock out users after too many failed attempts?
  • If we do, shall we lock them permanently or temporarily?
  • If temporarily, how long?
  • How can I prevent an attacker from systematically locking out users?
  • Is user enumeration even a thing?
  • How do big companies deal with this?
  • What does a modern password policy look like?
  • How can I make sure that everything is transparent to my users and that they can notice and react to malicious activity?
  • Are there other and better mechanisms to protect user accounts?

Unfortunately, the answers to these questions are not always trivial, and depend on the type of data that your application processes, and also on the requirements regarding the CIA triad. In this meetup, we’ll explore which questions you need to answer in order to make an educated decision on what to do.

We’ll also explore some pretty smart techniques to achieve a balance between confidentiality/integrity and availability requirements, and how these techniques can help you solve a number of other problems.

18:00 Gathering, intro

18:10 to 18:50: Talk: “Protect Your User Accounts Like It’s 2019” by Thomas Konrad

18:50 to 19:00: Talk Q&A

19:00 to 20:00: Have a beer, socialize, talk, discuss!
