You Shall Not Password: Modern Authentication for Web Apps - Eli Holderness - NDC Sydney 2022
Learn how to implement modern authentication for web apps, including security and user-experience best practices, multi-factor authentication, and methods such as SAML, OIDC, FIDO2, and biometrics.
- Authentication should not be hard to use securely; user experience matters.
- Be cautious about putting legitimate users on insecure systems, since doing so trains insecure behaviors.
- FleetMint is an identity provider offering a modern authentication service.
- SAML & OIDC are two mainstream methods for authentication.
- XML is an insecure basis for encryption.
- FIDO2 is an authentication standard intended to improve security by avoiding the risks of XML-based approaches.
- Hardware tokens like YubiKey and U2F are recommended for improved security.
- Biometric authentication is another option for multi-factor authentication.
- The ability to log out and revoke access to identity is important for security.
- The abstraction of “things you have” such as hardware tokens increases security.
- The use of OpenID Connect and the other supported authentication protocols (e.g., SAML) enhances security and simplifies the authentication process.
- Losing access to your primary identity provider or device can compromise security.
- A multi-factor authentication approach using different authentication factors (knowledge, possession, biometrics) can increase security.