The problems with passwords – user and service side. Password vulnerabilities and storage. PIN guessing. Basic counter measures.

A look at the concept of one time passwords – generated service side and user side, as well a look at magic links.

An introduction to possession factors such as CAC/PIV cards, phones as a token and USB security keys.

An introduction to biometrics – characteristics, cross over error rates, template storage considerations and the difference between morphological and behavioural.

What needs to happen before authentication an take place? Registration and proofing are introduced along with identity profile storage considerations.

What happens post authentication?  We discuss session management and how tokens can be issued including SAML, OIDC and basic web cookies.

Credentials – in the form of private keys – need to be created, issued and revoked during their association and binding to an identity.

A discussion of IoT based authentication for consumer, SCADA, smart city and home automation.  Considerations, security threats, design planning.

A recent rise in API, devops and machine based identity has driven new architecture patterns regarding possession based infrastructure authentication.

A top down look at business objectives and how that integrates with authentication strategies and tactics for B2E and B2C ecosystems.

A review of the main use cases facing an enterprise workforce authentication solution such as MFA consolidation and the integration with zero trust architectures.

A review of the main use cases facing consumer identity projects including proofing, self service and passwordless authentication.

How to measure authentication project success, by looking at coverage, performance and effectiveness models.

A look at emerging trends within authentication such as continual, contextual and adaptive controls and the rise of phishing resistance.