Talk: Minimum Viable Account Security

Many concepts behind account security predate application security. The account security recommendations of yore have not aged well and “just throw a two factor on it” won’t make it any better.

Account security is one of the most overlooked hard problems today. It goes far beyond password complexity rules and offering two-factor authentication. In this talk we will explore the options available when considering account security for the users or applications you protect.

We will not tell you what you should do. We will show you what various platforms do and describe GitHub’s journey towards improving account security. What works for others doesn’t work for us, and some of the things we do won’t work for others. We hope to spark ideas and provide insight for attendees to take home and apply tomorrow. Like everything in security: “it depends