Cracking Hidden Identities - Understanding the Threat Surface of Hidden Identities and Protecting them Against Password Exposure

Explore the critical security risks posed by hidden identities in today's SaaS-driven business environment through this 31-minute conference talk from BSidesLV's PasswordsCon in Tuscany. Delve into the vulnerabilities created by non-corporate and non-SSO identities that operate outside organizational identity providers and password policies, understanding how these unmanaged accounts become prime targets for attackers. Examine the specific threat vectors including weak password practices, credential reuse across multiple platforms, and unauthorized password sharing among users. Learn comprehensive strategies and industry best practices for identifying, securing, and managing these hidden identities while strengthening your organization's overall password governance framework. Gain practical insights into protecting against password exposure incidents and reducing the attack surface created by unmanaged user accounts in modern enterprise environments.