Access Keys Will Kill You Before You Kill the Password

Explore the critical security risks associated with AWS access keys and learn how to implement robust Multi-Factor Authentication (MFA) policies in this 32-minute Black Hat conference talk. Discover the potential dangers of storing long-lived access keys in plaintext files and sharing them among developers. Gain insights into enforcing consistent MFA requirements for all users, regardless of their authentication method. Examine open-source tools, including a newly released solution, that facilitate seamless work processes while maintaining MFA-protected API access in AWS accounts. Learn about implementing stronger access controls, addressing AWS security issues, and improving workflow with new policies. Understand the importance of saving MFA serials, utilizing SCS sessions, and adapting to MFA changes in AWS API CLI. Conclude with valuable information on key rotation practices and participate in a Q&A session to deepen your understanding of AWS security best practices.

Intro
Welcome
Agenda
Security
Strong Access Controls
AWS
Security Issues
Access Keys
MFA Policies
Better Workflow
New Policies
Save MFA Serial
You Need SCS Session
MFA Changes
AWS API CLI
RotateMyKey
Conclusion
Questions