Account Recovery

From MgmtWiki
Revision as of 16:18, 25 October 2021 by Tom (talk | contribs) (Created page with "==Full Title or Meme== ==Context== [https://authenticatecon.com/authenticate-2021-day-three-recap/ The Challenge of Account Recovery at Authenticate 2021]. A key challenge f...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Full Title or Meme

Context

The Challenge of Account Recovery at Authenticate 2021.

A key challenge for user accounts is the issue of secure recovery. No matter how secure the authentication is to access an account, if there is a weak recovery system in place, an attacker will be able to bypass security.

“Account recovery is really just another form of authentication,” Dean Saxe, Sr. Security Engineer at Amazon Web Services stated.

In a session, Saxe detailed what he referred to as the Iron Triangle of Account Recovery, which includes the concerns of access continuity, security and privacy. Saxe noted that the account recovery mechanism itself should be reasonably secure, preferably as secure as the primary authentication.

“What we don’t want to create is a gate that you can walk around, or walk through because we haven’t secured the gate with a fence all the way around the thing that we’re trying to protect,” Saxe. “So the recommendation is to register multiple authenticators, so you have a backup.”

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Account_Recovery&oldid=12700"