When usability met 2FA




In this talk, we discuss how recent attempts to enhance security at KAIST, one of the authoritative research institutes in South Korea, led to an even more serious security risk. In particular, we present several design flaws we found in KAIST’s new 2FA system and demonstrate how an attacker could bypass the entire authentication process using the vulnerabilities. This incident highlights that a seemingly trivial design mistake made while emphasizing usability can jeopardize the whole system. We conclude this talk by sharing a lesson we learned.

Hyunsu Kim

Masters Student, Graduate School of Information Security, KAIST


Junoh Lee

SoftSec Lab in KAIST


Kihong Heo



Sang Kil Cha

Director at Cyber Security Research Center and Professor at Graduate School of Information Security, KAIST


Myeong Geun Shin

Software engineer at Furiosa AI