Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Forgot Password? Yes I Did!

131 views

Published on

Every month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Forgot Password? Yes I Did!

  1. 1. Forgot Password? Yes I Did !
  2. 2. @joel__lord #midwestjs About Me @joel__lord joellord
  3. 3. @joel__lord #midwestjs About Me @joel__lord joellord
  4. 4. Passwords Are Bad
  5. 5. @joel__lord #midwestjs Passwords Are Bad ! Cost ! Breach Impact ! Security ! Usability Cost
  6. 6. @joel__lord #midwestjs Cost ! Help desk costs ! Technology acquisition costs ! Management and operations costs
  7. 7. @joel__lord #midwestjs Breach Impact ! 2,6G data records compromised in 2017
  8. 8. @joel__lord #midwestjs Breach Impact ! 2,6G data records compromised in 2017 ! https://breachlevelindex.com
  9. 9. @joel__lord #midwestjs Security ! More computing power === easier cracking
  10. 10. @joel__lord #midwestjs Security ! More computing power === easier cracking ! More social media presence === easier social engineering
  11. 11. @joel__lord #midwestjs Security ! More computing power === easier cracking ! More social media presence === easier social engineering ! Users will always be your weakest link
  12. 12. Title
  13. 13. Title
  14. 14. Title
  15. 15. @joel__lord #midwestjs Usability ! 23% of users admit having only one password
  16. 16. @joel__lord #midwestjs Usability ! 23% of users admit having only one password ! More than 60% of users use at least two devices everyday
  17. 17. @joel__lord #midwestjs Usability ! 23% of users admit having only one password ! More than 60% of users use at least two devices everyday ! We all hate passwords!
  18. 18. @joel__lord #midwestjs Passwords Usability
  19. 19. @joel__lord #midwestjs Passwords Usability
  20. 20. @joel__lord #midwestjs Passwords Usability
  21. 21. @joel__lord #midwestjs Passwords Usability
  22. 22. What Can We Do?
  23. 23. @joel__lord #midwestjs What Can We Do? ! OAuth
  24. 24. @joel__lord #midwestjs Authentication Flows Implicit Flow
  25. 25. @joel__lord #midwestjs Authentication Flows Implicit Flow
  26. 26. @joel__lord #midwestjs Authentication Flows Implicit Flow
  27. 27. @joel__lord #midwestjs Authentication Flows Implicit Flow
  28. 28. @joel__lord #midwestjs What Can We Do? ! OAuth ! Delegate
  29. 29. @joel__lord #midwestjs What Can We Do? ! OAuth ! Delegate ! MFA
  30. 30. @joel__lord #midwestjs What Can We Do? ! OAuth ! Delegate ! MFA ! Forget Password
  31. 31. Forget Those Passwords
  32. 32. @joel__lord #midwestjs How to forget a password ! Build strong passwords (something+name of page)
  33. 33. @joel__lord #midwestjs How to forget a password ! Use a password manager
  34. 34. Title
  35. 35. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn)
  36. 36. @joel__lord #midwestjs WebAuthn • Let’s look at some code
  37. 37. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn)
  38. 38. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn) ! Biometrics
  39. 39. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn) ! Biometrics
  40. 40. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn) ! Biometrics ! Magic Link
  41. 41. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn) ! Biometrics ! Magic Link
  42. 42. @joel__lord #midwestjs Magic Links • Let’s look at some code
  43. 43. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn) ! Biometrics ! Magic Link
  44. 44. @joel__lord #midwestjs Alternatives ! Yubikeys (WebAuthn) ! Biometrics ! Magic Link
  45. 45. Future Of Identity Management
  46. 46. Forgot Password? Midwest JS Minneapolis, MN August 10, 2018 @joel__lord joellord

×