Fallback Authentication describes the authentication method that is used if one of the commonly used factors does not work. The nerdhorn usually authenticates itself via face recognition on the smartphone. However, it is no longer recognized by the mask, for example. As an alternative, the font counts here. As is the case here, the alternative […]
Nerdhorn and Credential Stuffing
Account or credential stuffing is an attack in which the attacker tries out stolen credentials, usually username / email address and password, on many different websites. This attack can be automated by tools for automation in the web area, such as Selenium, curl or PhantomJS, or special tools such as SNIPR or STORM. This attack […]
Nerdhorn and Phishing
Phishing refers to attempts to impersonate a trustworthy communication partner via fake websites, e-mails or other messages in order to obtain personal data, for example. As a result, for example account theft or identity theft can be committed or malware can be installed. Phishing is one of the social engineering attacks that exploit the victims’ […]
Nerdhorn: Security vs Usability
As everywhere in IT security, it is also important in identity management that a measure is both secure and usable. Users can get creative if something is too time-consuming, annoying or otherwise impractical for them. Is there too many steps to authenticate on the notebook? Then the screen is not locked. Does the screen need […]
Cyber Taxi
Our Cyber Taxi paper, which was presented at the ESORICS 2020 workshop MSTEC, is also available on arXiv. The lack of guided exercises and practical opportunities to learn about cybersecurity in a practical way makes it difficult for security experts to improve their proficiency. Capture the Flag events and Cyber Ranges are ideal for cybersecurity training. […]