Two-Steps to Owning MFA

Two-Steps to Owning MFA – Sherrie Cowley, Dennis Taggart

Abstract

Authentication is not a company’s silver bullet. We will walk through common methods used in MFA, including SMS, TOTP (e.g. Google Authenticator), Push Notifications, and U2F Security Keys. We will show how each method works in simple terms and the weaknesses of all of them. You will be able to generate your own TOTP six-digit code and learn how to break each MFA method. You will also learn additional controls to protect your environments. This presentation will appeal to both red and blue teams.

Bio

Sherrie Cowley has a Master's in Information Systems with an emphasis on software engineering and cyber security. She has managed help desk, software engineering, and identity and access management teams and is currently an Information Security Manager for a large organization. She has presented at SaintCon, HackWest, and multiple universities, was a keynote for Splunk Live, and acts as a liaison for InfraGard members and the FBI Cyber Task Force.

Dennis Taggart is the Sr. Penetration Tester for a large organization. He holds over five years of information security experience and has diverse interests. He earned a B.A. in Middle Eastern Studies (Arabic) and an M.A. in Political Science, holds seven GIAC certs, is a winner of a hardware hacking village and NetWars, and is currently pursuing the MSISE from SANS.