Oct 25, 2021
Guests
- Elie Bursztein, security, anti-abuse and privacy researcher @ Google
- Kurt Thomas, security, anti-abuse and privacy researcher @ Google
Topics:
- Can we say that “Multi-Factor Authentication - if done well - fixes phishing for good” or is this too much to say?
- What are the realistic and seen-in-the-wild bypasses for MFA as a protection?
- How do you think these controls fare vs top tier attackers (clearly, they work vs commodity threats)?
- What do we know about burden vs value of MFA today?
- What can we realistically do to increase MFA/2FA adoption to the 90%s?
- Can we share anything about what we’re seeing as industry benchmarks on MFA adoption so far?
- We’ve seen a lot of ugly debates over the value of SMS as MFA, what is your research-based take on this?
Resources:
- Google Titan Security Key
- “Malicious Documents Emerging Trends: A Gmail Perspective” (RSA 2020)
- “New research: How effective is basic account hygiene at preventing hijacking”
- “New Research: Lessons from Password Checkup in action”
- “New research reveals who’s targeted by email attacks”
- “New research: Understanding the root cause of account takeover”
- “"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns”
- "Tales from the Trenches: Using AI for Gmail Security" (ep28)