YoVDO

Anatomy of Account Takeover - Understanding Threats and Defenses

Offered By: USENIX Enigma Conference via YouTube

Tags

Cybersecurity Courses Phishing Courses Data Breaches Courses Two-Factor Authentication Courses Password Security Courses Credential Theft Courses

Course Description

Overview

Explore the anatomy of account takeovers in this 17-minute conference talk from USENIX Enigma 2018. Delve into the ecosystem supporting credential theft, the dangers posed to users, and the importance of automatic, defense-in-depth risk detection systems. Learn about the likelihood of users falling victim to data breaches, phishing, or malware, and how hijackers exploit stolen credentials. Examine how identity providers can use risk analysis and login challenges to enhance security for password-only users. Discover the practical weaknesses of certain login challenges and the evolving tactics of attackers. Gain insights into ongoing challenges, including the disconnect between public opinion and necessary security measures, and discuss potential industry solutions to improve overall account security.

Syllabus

Intro
Online accounts are valuable targets
The three avenues of password theft
Commoditization of abuse
The wares on sale
Users reuse passwords
Hijacking likelihood* Compared to a general active account, how much more likely it is that you will be a victim of hacking if we know
Adoption of additional security is low
Sign-in risk detection
Dimensionality of risk
Geocloaking
Dynamic 2FA: Ask for additional verification
Choose the challenge that minimizes damage
Secondary e-mail verification
SMS code
Google Prompt
Hijacking monetization
Bringing the user into the loop
Finding the hijacker in-session


Taught by

USENIX Enigma Conference

Related Courses

Digitale Identitäten - Wer bin ich im Netz?
openHPI
Introduction to Cybersecurity for Teachers
Raspberry Pi Foundation via FutureLearn
Security Awareness Training
(ISC)² via Coursera
Learn Social Engineering From Scratch 2024
Udemy
Certified Ethical Hacker دورة إعداد الـ
Udemy