Introducing SCS Speaker Grzegorz Milka
Switzerland is planning a law about electronic IDs. The draft has been done and the law is heading in direction of the parliament. It’s a complex piece of law and there are many aspects. If you look at it from an operational security angle, identity fraud looks like a possible threat. What if attackers manage to breach the identity provider? Or what if they use other leaks to impersonate a Swiss resident with a Swiss identity provider? That is quite likely actually: The law imposes three authentication levels and only one of them enforces the use of two factor authentication.
So identity theft and account takeovers are going to happen and they are going to happen on a scale. We know this, because global identity providers have shared this information with the public before. And now one of the biggest players in the field, Google is going one step further. It allows its security Engineer Grzegorz Milka to let us into the concepts and architectures for calculating the risk associated with account takeovers. Furthermore, Grzegorz will explain how they use “login challenges” when their algorithms smell something fishy.
Accounts would be more secure if two-factor authentication was enforced. But this might also drive users away due to perceived usability issues. So these login challenges help to bridge the security gap of password-based accounts that lack 2FA.
When account takeovers happen on a scale, the recovery process becomes very important. So how in the world does Google manage to identify people who have lost their identity? How can Google build the trust anew? All without the intervention of operators, all via automation.
We are very happy to welcome Grzegorz Milka and explain us their in-depth solutions to solve these challenges on a scale.
Grzegorz Milka is a decorated graduate from the University of Warsaw. He holds a master in Computer Science and Mathematics and he spent several Summers with internships at companies around the world. He joined Google after is graduation in 2015 and works on the campus in Zurich.
In his spare time, Grzegorz is a avid biker and enjoys hiking.
More about Grzegorz Milka:
- Report of The Register about Grzegorz Milka’s talk: Who is using 2FA?
- LinkedIn profile: Grzegorz Milka
- Personal blog featuring several book reviews: https://gregorias.github.io/