In this talk, we discuss how recent attempts to enhance security at KAIST, one of the authoritative research institutes in South Korea, led to an even more serious security risk. In particular, we present several design flaws we found in KAIST's new 2FA system and demonstrate how an attacker could bypass the entire authentication process using the vulnerabilities. This incident highlights that a seemingly trivial design mistake made while emphasizing usability can jeopardize the whole system. We conclude this talk by sharing a lesson we learned.

Speaker: Hyunsu Kim

Contributing authors: Junoh Lee, Kihong Heo, Sang Kil Cha, Myeong Geun Shin