The document discusses the challenges and impact of password security, including statistics on password usage and data breaches. It suggests alternatives such as OAuth, multi-factor authentication, password managers, YubiKeys, biometrics, and magic links to enhance identity management. The presentation emphasizes that users are often the weakest link in security and explores ways to improve usability and security in password management.

1. Forgot Password?
Yes I Did !

2. @joel__lord
#midwestjs
About Me
@joel__lord
joellord

3. @joel__lord
#midwestjs
About Me
@joel__lord
joellord

4. Passwords Are Bad

5. @joel__lord
#midwestjs
Passwords Are Bad
! Cost
! Breach Impact
! Security
! Usability
Cost

6. @joel__lord
#midwestjs
Cost
! Help desk costs
! Technology
acquisition costs
! Management and
operations costs

7. @joel__lord
#midwestjs
Breach Impact
! 2,6G data records
compromised in
2017

8. @joel__lord
#midwestjs
Breach Impact
! 2,6G data records
compromised in
2017
! https://breachlevelindex.com

9. @joel__lord
#midwestjs
Security
! More computing
power === easier
cracking

10. @joel__lord
#midwestjs
Security
! More computing
power === easier
cracking
! More social media
presence === easier
social engineering

11. @joel__lord
#midwestjs
Security
! More computing
power === easier
cracking
! More social media
presence === easier
social engineering
! Users will always be
your weakest link

12. Title

13. Title

14. Title

15. @joel__lord
#midwestjs
Usability
! 23% of users admit
having only one
password

16. @joel__lord
#midwestjs
Usability
! 23% of users admit
having only one
password
! More than 60% of
users use at least
two devices
everyday

17. @joel__lord
#midwestjs
Usability
! 23% of users admit
having only one
password
! More than 60% of
users use at least
two devices
everyday
! We all hate
passwords!

18. @joel__lord
#midwestjs
Passwords
Usability

19. @joel__lord
#midwestjs
Passwords
Usability

20. @joel__lord
#midwestjs
Passwords
Usability

21. @joel__lord
#midwestjs
Passwords
Usability

22. What Can We Do?

23. @joel__lord
#midwestjs
What Can We Do?
! OAuth

24. @joel__lord
#midwestjs
Authentication Flows
Implicit Flow

25. @joel__lord
#midwestjs
Authentication Flows
Implicit Flow

26. @joel__lord
#midwestjs
Authentication Flows
Implicit Flow

27. @joel__lord
#midwestjs
Authentication Flows
Implicit Flow

28. @joel__lord
#midwestjs
What Can We Do?
! OAuth
! Delegate

29. @joel__lord
#midwestjs
What Can We Do?
! OAuth
! Delegate
! MFA

30. @joel__lord
#midwestjs
What Can We Do?
! OAuth
! Delegate
! MFA
! Forget Password

31. Forget Those Passwords

32. @joel__lord
#midwestjs
How to forget a
password
! Build strong
passwords
(something+name of
page)

33. @joel__lord
#midwestjs
How to forget a
password
! Use a password
manager

34. Title

35. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)

36. @joel__lord
#midwestjs
WebAuthn
• Let’s look at some code

37. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)

38. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics

39. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics

40. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics
! Magic Link

41. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics
! Magic Link

42. @joel__lord
#midwestjs
Magic Links
• Let’s look at some code

43. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics
! Magic Link

44. @joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics
! Magic Link

45. Future Of Identity Management

46. Forgot Password?
Midwest JS
Minneapolis, MN
August 10, 2018
@joel__lord
joellord