
Forgot Password? Yes I Did!

Every month, we hear about a new data breach, and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution: let's stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.

  1. FORGOT PASSWORD? YES I DID! AN INTRO TO PASSWORDLESS AUTHENTICATION
  2. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ABOUT ME @joel__lord joellord
  3. PASSWORDS ARE BAD
  4. PASSWORDS ARE BAD ▸ Help desk costs ▸ Technology acquisition costs ▸ Management and operations costs
  5. PASSWORDS ARE BAD ▸ 2,6G data records compromised in 2017
  6. PASSWORDS ARE BAD ▸ 2,6G data records compromised in 2017 ▸ https://breachlevelindex.com
  7. PASSWORDS ARE BAD ▸ More computing power === easier cracking ▸ More social media presence === easier social engineering ▸ Users will always be your weakest link
  8. PASSWORDS ARE BAD ▸ 23% of users admit having only one password ▸ More than 60% of users use at least two devices every day ▸ We all hate passwords!
  13. WHAT CAN YOU DO?
  14. WHAT CAN WE DO? ▸ Use best practices
  15. OAUTH - IMPLICIT FLOW
  16. OAUTH - IMPLICIT FLOW ⛔
  17. OAUTH - IMPLICIT FLOW
  18. OAUTH - IMPLICIT FLOW
  19. OAUTH - IMPLICIT FLOW
  20. OAUTH - IMPLICIT FLOW
  21. OAUTH - IMPLICIT FLOW
  22. OAUTH - IMPLICIT FLOW
  23. WHAT CAN WE DO? ▸ Use best practices ▸ Delegate
  24. WHAT CAN WE DO? ▸ Use best practices ▸ Delegate ▸ MFA
  25. FORGET PASSWORDS
  26. FORGET PASSWORDS ▸ Avoid reusing passwords
  27. FORGET PASSWORDS ▸ Avoid reusing passwords ▸ Use a password manager
  28. ALTERNATIVES ▸ WebAuthn
  29. ALTERNATIVES ▸ WebAuthn
  30. ALTERNATIVES ▸ WebAuthn
  31. DEAR DEMO GODS, PLEASE LET THIS WORK WEBAUTHN DEMO Demo src: https://webauthn.me/
  32. ALTERNATIVES ▸ WebAuthn
  33. ALTERNATIVES ▸ WebAuthn ▸ Biometrics
  34. BIOMETRICS https://www.microsoft.com/en-us/research/wp-content/uploads/2008/10/ECCV_CAT_PROC.pdf
  35. BIOMETRICS https://www.microsoft.com/en-us/research/wp-content/uploads/2008/10/ECCV_CAT_PROC.pdf
  36. DEAR DEMO GODS, PLEASE LET THIS WORK BIOMETRICS DEMO Demo src: https://voiceit.io/
  37. ALTERNATIVES ▸ WebAuthn ▸ Biometrics
  38. ALTERNATIVES ▸ WebAuthn ▸ Biometrics ▸ Magic Links
  39. ALTERNATIVES ▸ WebAuthn ▸ Biometrics ▸ Magic Links
  40. MAGIC LINKS (POST /AUTHORIZE)
  41. MAGIC LINKS (POST /AUTHORIZE)
  42. MAGIC LINKS (POST /AUTHORIZE)
  43. MAGIC LINKS (POST /AUTHORIZE)
  44. MAGIC LINKS (POST /AUTHORIZE)
  45. MAGIC LINKS (GET /LOGIN/{MAGICLINK})
  46. MAGIC LINKS (GET /LOGIN/{MAGICLINK})
  47. MAGIC LINKS (GET /LOGIN/{MAGICLINK})
  48. MAGIC LINKS (GET /LOGIN/{MAGICLINK})
  49. MAGIC LINKS (GET /LOGIN/{MAGICLINK})
  50. DEAR DEMO GODS, PLEASE LET THIS WORK MAGIC LINK DEMO Demo src: https://github.com/joellord/secure-spa-auth0/
  51. ALTERNATIVES ▸ Yubikeys ▸ Biometrics ▸ Magic Links
  52. FUTURE OF IDENTITY MANAGEMENT
  53. RESOURCES ▸ OAuth & OpenID Connect ▸ http://bit.ly/oauth-talk ▸ JWTs ▸ https://jwt.io ▸ WebAuthn ▸ http://bit.ly/webauthn-demo ▸ VoiceIt integration with Auth0 ▸ http://bit.ly/auth0-voiceit
  54. @joel__lord joellord FORGOT PASSWORD? YES I DID! BocaJS March 5th, 2019 THANK YOU!