register for 2024
May 28-31, 2024 | Aria Resort & Casino, Las Vegas, NV
register for 2024
2023 Event | Session Video
Thinking Differently About Passkeys New Threats Require a New Threat Model

Speaker: Dean Saxe – Senior Security Engineer – Amazon Web Services
Date: Thursday, June 1, 2023
Location: ARIA Resort & Casino | Las Vegas, NV

Description: Passkeys are promoted as the password killer to minimize phishing, password reuse, and customer frustrations with passwords. While passkeys create significant usability and security improvements over passwords, we are still early in the passkey journey. In this talk, we’ll explore how passkeys require users and services to think differently about managing credentials, and the new risks that arise with passkeys, enabling attendees to threat model their passkey deployment scenarios. Specific issues we’ll cover include: • Breaking out of the one credential per relying party (RP) paradigm of credential management for users and RPs • Modeling the impact of passkeys on account recovery • Shared passwords vs. shared passkeys • Differential security controls between passkey providers including authentication, account recovery, passkey generation, synchronization, and storage at rest

Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now