Despite proclamations of the obsolescence of passwords, they remain an essential component of user authentication. Many long-accepted tenets of password-based authentication need to be reexamined.
Abstract

Passwords have been around for a long time. They are by far the widest-deployed way of authenticating users. Passwords suffer from many well-known and well-researched weaknesses. Nonetheless, numerous applications still rely on passwords, even in a security-sensitive context. Passwords even remain the most commonly used first factor in multi-factor authentication systems. Regardless of their popularity, many voices call for discarding passwords altogether. After all, would it not be better to have a stronger and more usable authentication mechanism?
In this session, we take a closer look at password-based authentication. We investigate many commonly made implementation mistakes and the better alternatives to them. We also examine how to make security work for your users, instead of working against them. In the end, you will walk away with a modern set of best practices for handling password-based authentication. Both your application and your users will benefit from these new insights.
This session is intended for anyone designing or implementing password-based user authentication, and for anyone building, designing or securing web applications.