17:40 - 18:40
Talk (60 min)
NOPASSWD: Building a Passwordless Cloud Infrastructure
Passwordless systems are fast becoming a reality as many of the big players (Microsoft, Google, Okta, AWS Cognito) implement support for FIDO2 and related technologies.
Although developers are making great progress in using these technologies to implement new passwordless architectures for the users of their products, we are years behind in doing the same for our own internal infrastructure. Tokens, passwords, and other secrets that are shared internally among developers are a major security risk, yet are extremely common among companies of all sizes.
This talk gives an overview of the current situation and associated security risks, a review of FIDO and FIDO2 standards, the options we have to improve our designs, and a case study of a sample passwordless infrastructure stack. We'll also discuss things to look for and avoid when selecting vendors and development tools to greatly improve security posture.
Learn how your team, regardless of size, can put all of the pieces together to implement a more secure, passwordless infrastructure.