At the end of the month, I’ll be presenting our reference model for federated identity management at EMMSAD 2021. As soon as the paper is online at arxiv.org, I will link it here. But why is it working? There are more and more identities, whether for one person or for an organization. In my password […]
Nerdhorn and Fallback Authentication
Fallback authentication describes the authentication method that is used if one of the commonly used factors does not work. The nerdhorn usually authenticates itself via face recognition on the smartphone. However, it is no longer recognized when wearing a mask, for example. As an alternative, the font counts here. As is the case here, the alternative […]
Nerdhorn and Credential Stuffing

Account or credential stuffing is an attack in which the attacker tries out stolen credentials, usually username / email address and password, on many different websites. This attack can be automated with general web automation tools, such as Selenium, curl or PhantomJS, or with special tools such as SNIPR or STORM. This attack […]
Nerdhorn and Phishing
Phishing refers to attempts to impersonate a trustworthy communication partner via fake websites, e-mails or other messages in order to obtain personal data, for example. As a result, account theft or identity theft can be committed, or malware can be installed, for example. Phishing is one of the social engineering attacks that exploit the victims’ […]
Nerdhorn: Security vs Usability
As everywhere in IT security, it is also important in identity management that a measure is both secure and usable. Users can get creative if something is too time-consuming, annoying or otherwise impractical for them. Are there too many steps to authenticate on the notebook? Then the screen is not locked. Does the screen need […]