Episode 9 — Build Strong Authentication: Passwords, MFA, Tokens, and Practical Failure Modes
This episode explains authentication as proof of identity and shows how GSEC expects you to reason about factors, protocols, and failure modes rather than treating MFA as a magic fix. You’ll review knowledge, possession, and inherence factors, then connect them to real controls like passwords, one-time codes, push approvals, hardware tokens, and certificate-based authentication. We’ll analyze common weaknesses, including password reuse, weak phishing resistance, token theft, MFA fatigue attacks, and session hijacking that bypasses the login entirely. You’ll learn best practices such as risk-based step-up, strong enrollment and recovery processes, and monitoring for impossible travel or anomalous device changes. Exam-focused scenarios will emphasize choosing an authentication method that fits the threat and environment, such as remote access, privileged admin actions, or access to regulated data. The outcome is an authentication mindset that accounts for attackers who adapt quickly.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. If you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use and a daily podcast you can commute with.
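As an added example that is not part of this episode or of BareMetalCyber's material: a small Python detector run over constructed push-MFA login events, showing the two monitoring failure modes the episode names, impossible travel between successive logins and MFA fatigue (prompt spamming until the user approves). The event shape, the 900 km/h speed ceiling, the ten-minute window and the five-prompt threshold are assumptions chosen for illustration; source coordinates are assumed to have been resolved from client IPs by an upstream enrichment step, so no real IP data appears here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed sample telemetry for this example (not from any real system).
# Each event is one step of a push-MFA login: a prompt sent, denied or approved.
# lat/lon are assumed to come from an upstream IP geolocation step.
@dataclass(frozen=True)
class AuthEvent:
    user: str
    ts: datetime      # UTC
    outcome: str      # "push_sent" | "push_denied" | "push_approved"
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


MAX_SPEED_KMH = 900.0                  # assumed ceiling, roughly airliner speed
FATIGUE_WINDOW = timedelta(minutes=10) # assumed look-back window for prompts
FATIGUE_PROMPTS = 5                    # assumed prompt count that marks fatigue


def impossible_travel(events):
    """Flag consecutive successful logins by one user whose implied speed exceeds
    MAX_SPEED_KMH. Returns (user, earlier_ts, later_ts, km, kmh) tuples."""
    findings = []
    last_ok = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.outcome != "push_approved":
            continue
        prev = last_ok.get(e.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, e.lat, e.lon)
            hours = (e.ts - prev.ts).total_seconds() / 3600.0
            # Same-second approvals from far-apart places are still impossible;
            # guard the division rather than silently skipping the pair.
            if hours == 0:
                kmh = float("inf") if km > 50 else 0.0
            else:
                kmh = km / hours
            if kmh > MAX_SPEED_KMH:
                findings.append((e.user, prev.ts, e.ts, km, kmh))
        last_ok[e.user] = e
    return findings


def mfa_fatigue(events):
    """Flag approvals preceded by FATIGUE_PROMPTS or more prompts inside
    FATIGUE_WINDOW: an attacker with the password spamming pushes until the
    user taps Approve. Returns (user, approval_ts, prompts_sent, denied)."""
    findings = []
    ordered = sorted(events, key=lambda ev: ev.ts)
    for i, e in enumerate(ordered):
        if e.outcome != "push_approved":
            continue
        start = e.ts - FATIGUE_WINDOW
        prior = [p for p in ordered[:i] if p.user == e.user and p.ts >= start]
        sent = sum(1 for p in prior if p.outcome == "push_sent")
        denied = sum(1 for p in prior if p.outcome == "push_denied")
        if sent >= FATIGUE_PROMPTS:
            findings.append((e.user, e.ts, sent, denied))
    return findings


# Constructed sample events: alice logs in from London, then from New York one
# hour later; carol is a clean single login; bob receives six prompts in five
# minutes, denies three, and then approves one.
T = datetime(2024, 5, 1)
LONDON, NEW_YORK, LISBON = (51.51, -0.13), (40.71, -74.01), (38.72, -9.14)
SAMPLE_EVENTS = [
    AuthEvent("alice", T + timedelta(hours=9), "push_sent", *LONDON),
    AuthEvent("alice", T + timedelta(hours=9, seconds=5), "push_approved", *LONDON),
    AuthEvent("alice", T + timedelta(hours=10), "push_sent", *NEW_YORK),
    AuthEvent("alice", T + timedelta(hours=10, seconds=5), "push_approved", *NEW_YORK),
    AuthEvent("carol", T + timedelta(hours=8), "push_sent", *LISBON),
    AuthEvent("carol", T + timedelta(hours=8, seconds=3), "push_approved", *LISBON),
]
for n in range(6):
    SAMPLE_EVENTS.append(AuthEvent("bob", T + timedelta(hours=2, seconds=45 * n), "push_sent", *LISBON))
    if n % 2 == 0:
        SAMPLE_EVENTS.append(AuthEvent("bob", T + timedelta(hours=2, seconds=45 * n + 10), "push_denied", *LISBON))
SAMPLE_EVENTS.append(AuthEvent("bob", T + timedelta(hours=2, minutes=5), "push_approved", *LISBON))

if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_EVENTS) + mfa_fatigue(SAMPLE_EVENTS):
        print(f)
```

Both detectors key on successful approvals rather than failed attempts, because the session an attacker obtains after a fatigue-induced approval or a hijacked login looks legitimate from then on; the approval event is the last point at which the anomaly is still visible in the telemetry.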