
Forgot Password? Yes I Did!


Every month, we hear about a new data breach, and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution: let's stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.

Published in: Internet

Forgot Password? Yes I Did!

  1. FORGOT PASSWORD? YES I DID! AN INTRO TO PASSWORDLESS AUTHENTICATION
  2. @joel__lord #phpworld FORGOT PASSWORD? YES I DID! ABOUT ME @joel__lord joellord
  3. PASSWORDS ARE BAD
  4. PASSWORDS ARE BAD ▸ Help desk costs ▸ Technology acquisition costs ▸ Management and operations costs
  5. PASSWORDS ARE BAD ▸ 2,6G data records compromised in 2017
  6. PASSWORDS ARE BAD ▸ 2,6G data records compromised in 2017 ▸ https://breachlevelindex.com
  7. PASSWORDS ARE BAD ▸ More computing power === easier cracking ▸ More social media presence === easier social engineering ▸ Users will always be your weakest link
  8. PASSWORDS ARE BAD ▸ 23% of users admit having only one password ▸ More than 60% of users use at least two devices every day ▸ We all hate passwords!
  13. WHAT CAN YOU DO?
  14. WHAT CAN WE DO? ▸ Use best practices
  15. OAUTH - IMPLICIT FLOW
  16. OAUTH - IMPLICIT FLOW ⛔
  17-22. OAUTH - IMPLICIT FLOW
  23. WHAT CAN WE DO? ▸ Use best practices ▸ Delegate
  24. WHAT CAN WE DO? ▸ Use best practices ▸ Delegate ▸ MFA
  25. FORGET PASSWORDS
  26. FORGET PASSWORDS ▸ Avoid reusing passwords
  27. FORGET PASSWORDS ▸ Avoid reusing passwords ▸ Use a password manager
  28-30. ALTERNATIVES ▸ WebAuthn
  31. DEAR DEMO GODS, PLEASE LET THIS WORK WEBAUTHN DEMO Demo src: https://dist-yycvxvsyvu.now.sh/tutorial/
  33. ALTERNATIVES ▸ WebAuthn
  34. ALTERNATIVES ▸ WebAuthn ▸ Biometrics
  35-36. BIOMETRICS https://www.microsoft.com/en-us/research/wp-content/uploads/2008/10/ECCV_CAT_PROC.pdf
  37. DEAR DEMO GODS, PLEASE LET THIS WORK BIOMETRICS DEMO Demo src: https://voiceit.io/
  38. ALTERNATIVES ▸ WebAuthn ▸ Biometrics
  39-40. ALTERNATIVES ▸ WebAuthn ▸ Biometrics ▸ Magic Links
  41-48. MAGIC LINKS (POST /AUTHORIZE)
  49-55. MAGIC LINKS (GET /LOGIN/{MAGICLINK})
  56. DEAR DEMO GODS, PLEASE LET THIS WORK MAGIC LINK DEMO Demo src: https://github.com/joellord/secure-spa-auth0/
  57. ALTERNATIVES ▸ Yubikeys ▸ Biometrics ▸ Magic Links
  58. FUTURE OF IDENTITY MANAGEMENT
  59. RESOURCES ▸ OAuth & Open ID Connect ▸ http://bit.ly/oauth-talk ▸ JWTs ▸ https://jwt.io ▸ WebAuthn ▸ http://bit.ly/webauthn-demo ▸ VoiceIt integration with Auth0 ▸ http://bit.ly/auth0-voiceit
  60. @joel__lord joellord FORGOT PASSWORD? YES I DID! php[world], Washington, DC November 14th, 2018 THANK YOU!
