OWASP Monthly Meeting - "Passwords and Tokens and Humans, Oh My!"


Details
"Passwords and Tokens and Humans, Oh My! - Usability and user acceptance of FIDO U2F tokens"
Summary:
The failings of passwords as an authentication mechanism have been well known for decades. Yet, adoption of stronger authentication remains unusual despite an industry push toward two-factor authentication tools. This talk will begin with an overview of current two-factor authentication solutions. This overview will be followed by insights from a user study of one such solution, based on the Fast IDentity Online Universal Second Factor (FIDO U2F) standard. Both user experience and user perceptions of the solution will be discussed.
This talk is based on research conducted by the presenter and others at Indiana University, and presented at Financial Cryptography and Data Security 2018.
A brief presenter bio:
Andrew is a security researcher and consultant, with a focus on human factors and roots in Linux and Open Source software. His academic publications have touched on phishing education, vulnerability disclosure, IoT security, and two-factor authentication. Professional highlights include IT leadership at a large medical device company and a decade in various roles at a leading Linux vendor. Currently, he and a frequent collaborator are launching a consultancy. They aim to help small businesses, including medical and IoT startups, improve their security posture with minimal burden on their users.
