Authentication Afterlife - The Dark Side of Making Lost Password Recovery Harder
linux.conf.au via YouTube
Overview
Syllabus
Intro
Tabletop Scenarios
Tabletop Scenario #1
Administrivia
Perils of the naive solution
Avoiding the 2FA bypass
Tabletop Scenario #2
Possible solutions
Tabletop Scenario #3
Impersonation
Security Questions
Changing Password Every Login Easier Than Remembering Password
Alternate Authentication Methods - for Attackers
Recovery with 2FA enabled
2FA recovery
Tabletop Scenario #4
Unhappy Story
Potential Mitigations
First steps
Ongoing steps
Tabletop Scenario #5 - Account discovery
Considering death
Personal observations - 1/2
Personal mitigations - 1/3
Keep good records
Personal mitigations - 3/3
Personal mitigations - parallels
Conclusions - 2/2
Questions/Discussion
Taught by
linux.conf.au