EP40 2021: Phishing is Solved?
Oct 25, 2021•32 min•Season 1Ep. 40
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Guests
- Elie Bursztein, security, anti-abuse and privacy researcher @ Google
- Kurt Thomas, security, anti-abuse and privacy researcher @ Google
Topics:
- Can we say that “Multi-Factor Authentication - if done well - fixes phishing for good” or is this too much to say?
- What are the realistic and seen-in-the-wild bypasses for MFA as a protection?
- How do you think these controls fare vs top tier attackers (clearly, they work vs commodity threats)?
- What do we know about burden vs value of MFA today?
- What can we realistically do to increase MFA/2FA adoption to the 90%s?
- Can we share anything about what we’re seeing as industry benchmarks on MFA adoption so far?
- We’ve seen a lot of ugly debates over the value of SMS as MFA, what is your research-based take on this?
Resources:
- Google Titan Security Key
- “Malicious Documents Emerging Trends: A Gmail Perspective” (RSA 2020)
- “New research: How effective is basic account hygiene at preventing hijacking”
- “New Research: Lessons from Password Checkup in action”
- “New research reveals who’s targeted by email attacks”
- “New research: Understanding the root cause of account takeover”
- “"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns”
- "Tales from the Trenches: Using AI for Gmail Security" (ep28)
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast