Authentication and Identity

Digital identity mappings:

  • Organization <-> infrastructure
    • Phishing
    • MITM attacks
    • Typo squatting
    • Mismatched domains
    • Internationalized domain name (IDN) homograph attack
    • Email security
  • User <-> account
    • Stealing passwords
    • Cracking breached password databases
    • Credential stuffing
    • Malware / Trojans
  • Account <-> real human
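
The organization-to-infrastructure mappings above break when a user cannot tell a look-alike domain from the real one. The following is an added example, not part of the notes: it decodes punycode, flags labels that mix scripts (Latin plus Cyrillic, for instance), and collapses a small hand-picked set of confusable characters and sequences (a subset of the Unicode TR39 idea, assumed here) into a skeleton that is compared against an assumed allow-list of trusted domains. The sample domains are constructed for the demo.

```python
"""Flag look-alike domains: mixed-script labels, confusable characters,
and punycode that hides non-Latin letters. Added example, not from the notes."""
import unicodedata

# Legitimate domains we want to protect (assumed allow-list for this demo).
TRUSTED = {"example.com", "login.example.com"}

# Small, hand-picked confusables table (a subset of the TR39 idea; assumption).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "0": "o", "1": "l",
}
# Multi-character sequences that read as one letter in many fonts (typo squatting).
CONFUSABLE_SEQS = {"rn": "m", "vv": "w"}


def to_unicode(domain):
    """Decode punycode (xn--) labels so the analysis sees what the user sees."""
    return domain.encode("ascii").decode("idna") if domain.isascii() else domain


def scripts_in(label):
    """Approximate the set of scripts used by letters in a label via character names.
    Digits and hyphens are script-neutral and ignored."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def skeleton(label):
    """Map confusable characters and sequences to their Latin look-alikes."""
    label = unicodedata.normalize("NFKC", label).lower()
    label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    for seq, rep in CONFUSABLE_SEQS.items():
        label = label.replace(seq, rep)
    return label


def analyse(domain):
    """Return a list of findings for one domain; an empty list means nothing suspicious."""
    findings = []
    shown = to_unicode(domain)
    if shown != domain:
        findings.append(f"punycode {domain} displays as {shown!r}")
    for label in shown.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts in label {label!r}: {sorted(scripts)}")
    skel = ".".join(skeleton(label) for label in shown.split("."))
    if skel in TRUSTED and shown.lower() != skel:
        findings.append(f"{shown!r} is confusable with trusted {skel}")
    return findings


if __name__ == "__main__":
    # Constructed sample domains, not taken from any real incident.
    samples = [
        "example.com",
        "ex\u0430mple.com",                                 # Cyrillic 'а' in place of Latin 'a'
        "exarnple.com",                                      # 'rn' stands in for 'm'
        "login.examp1e.com",                                 # digit 1 stands in for 'l'
        "ex\u0430mple.com".encode("idna").decode("ascii"),  # same homograph, as punycode
    ]
    for d in samples:
        print(d, "->", analyse(d) or "ok")
```

Browsers apply similar mixed-script rules before deciding whether to render an IDN label or fall back to its xn-- form; the allow-list comparison is what a mail gateway or proxy would add to catch domains that pass those rules but still resemble a brand the organization cares about.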

Black markets allow for specialization of effort:

  • Markets for stolen data
  • Malware
  • Phish kits
  • Hacking for hire
  • Botnets

Authentication and Authorization

  • Authentication (authn) - Whether users are who they claim to be
  • Authorization (authz) - What users are and aren’t allowed to access

Authentication: identification (who the user claims to be) + challenges (e.g., password, second-factor auth) that prove the claim
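
To make the authn/authz split concrete, here is an added example (not from the notes): identification by username, two challenges (a PBKDF2-hashed password and an RFC 6238 TOTP code), and then a separate authorization lookup that answers a different question about the already-authenticated account. The user record, salt, TOTP seed and role table are constructed for the demo; the only real data is the RFC 6238 test vector checked at the end.

```python
"""Identification + challenges (password, then TOTP second factor), followed by a
separate authorization check. Added example; all user data below is constructed."""
import base64
import hashlib
import hmac
import struct
import time

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: per-user salt, password hash, TOTP seed and roles (assumed schema).
_SALT = b"fixed-demo-salt-16b"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": _pbkdf2("correct horse battery staple", _SALT),
        "totp_secret": base64.b32decode("JBSWY3DPEHPK3PXP"),  # constructed seed
        "roles": {"reader"},
    }
}
PERMISSIONS = {"reader": {"read:report"}, "admin": {"read:report", "delete:report"}}

# Dummy record used for unknown usernames so the password check costs the same time.
_DUMMY = {"salt": _SALT, "pw_hash": b"\0" * 32, "totp_secret": b"\0" * 10, "roles": set()}


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the 8-byte big-endian time counter, dynamic truncation."""
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def authenticate(username, password, code, now=None):
    """Authn: identify the account, then verify both challenges.
    Returns the username on success, None otherwise. Both checks run even for an
    unknown username so response time does not reveal which accounts exist."""
    now = time.time() if now is None else now
    user = USERS.get(username, _DUMMY)
    pw_ok = hmac.compare_digest(_pbkdf2(password, user["salt"]), user["pw_hash"])
    # Accept the current and the previous 30 s window to tolerate small clock drift.
    totp_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], now - drift).encode(), code.encode())
        for drift in (0, 30)
    )
    return username if (username in USERS and pw_ok and totp_ok) else None


def authorize(username, action):
    """Authz: a different question from authn. Is this authenticated account allowed to do this?"""
    roles = USERS.get(username, {}).get("roles", set())
    return any(action in PERMISSIONS.get(role, set()) for role in roles)


if __name__ == "__main__":
    now = time.time()
    code = totp(USERS["alice"]["totp_secret"], now)  # what alice's authenticator would show
    who = authenticate("alice", "correct horse battery staple", code, now)
    print("authenticated as:", who)
    print("may read report:", authorize(who, "read:report"))
    print("may delete report:", authorize(who, "delete:report"))
    print("RFC 6238 vector T=59 ->", totp(b"12345678901234567890", 59, digits=8))
```

A correct password with a wrong or stale code fails, and a valid code from the wrong account fails, because both challenges are bound to the identified account before any role is consulted; the role check never runs on an unauthenticated name.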