Santa Clara University — Adjunct Professor
Dr. Wen-Pai Lu has been in the security industry for over 30 years. Early in his career, he contributed to the creation of the IEEE LAN security working group (802.10), which developed the first LAN security standard. He has expertise in various security domains, including network security, application security, endpoint security, information security, and identity and access management. Throughout his career, he has been involved in applied research, network and security architecture, business and solutions consulting, and product management.
Dr. Lu served as a Vice President at JPMorgan Chase, where he managed the development of the modernization initiative of identity and authentication projects. There, he drove the implementation of passwordless authentication with business units for their clients. Prior to JPMorgan Chase, he was a Director of Product Management responsible for building passwordless products for MobileIron for both mobile and desktop platforms. Additionally, he has assisted large and small enterprises in consulting, designing, and implementing network and security solutions. Dr. Lu has held research and architectural roles at Bell Laboratories, AT&T, Verizon Wireless, and Cisco. He later assumed executive positions at several startups and public companies. Currently, he is an adjunct professor at Santa Clara University, where he teaches information security management and network security courses in the graduate school of the Computer Science and Engineering department. Dr. Wen-Pai Lu received his Ph.D. from the University of Arizona.
Talk Agenda
Passwordless authentication – Why is it so hard to implement
Using passwordless authentication to access enterprise systems has garnered significant interest from organizations of all sizes, addressing major threats such as identity theft and data breaches. In this talk, we will begin by evaluating current passwordless authentication methods, followed by an analysis of the pros and cons of each approach. This analysis will explain how each method is used, highlighting that there is no one-size-fits-all solution; it depends on your organization and user base. Among these methods, we will explore the most current and popular ones, such as FIDO and passkeys. We will then outline how passwordless authentication technologies can be implemented in enterprises. This will include best practices for deploying passwordless authentication. We will evaluate each best practice and provide guidance on how enterprises can execute these strategies to achieve the best results and solutions. In conclusion, passwords should not be used when accessing systems and resources. However, migrating from a password-based environment to a passwordless system requires developing a sound strategy with detailed planning. If necessary, organizations should seek help from third parties to provide the required knowledge and skills, in conjunction with their existing resources, to ensure successful implementation.