Wednesday
Room 1
17:40 - 18:40
(UTC+01)
Talk (60 min)
NOPASSWD: Building a Passwordless Cloud Infrastructure
Passwordless systems are fast becoming a reality as many of the big players (Microsoft, Google, Okta, AWS Cognito) implement support for FIDO2 and related technologies.
Although developers are making great progress in using these technologies to implement new passwordless architectures for the users of their products, we are years behind in doing the same for our own internal infrastructure. Tokens, passwords, and other secrets that are shared internally among developers are a major security risk, yet are extremely common among companies of all sizes.
This talk gives an overview of the current situation and associated security risks, a review of FIDO and FIDO2 standards, the options we have to improve our designs, and a case study of a sample passwordless infrastructure stack. We'll also discuss things to look for and avoid when selecting vendors and development tools to greatly improve security posture.
Learn how your team, regardless of size, can put all of the pieces together to implement a more secure, passwordless infrastructure.
Kyle Kotowick
Dr. Kyle Kotowick is the founder of a Canadian consulting and development firm focusing on cloud infrastructure, security, and Internet-of-Things implementations for high-growth clients. He completed his Ph.D. in MIT's Computer Science and Artificial Intelligence Laboratory, joint with the Department of Aeronautics and Astronautics. He has served as a consultant, systems architect, and developer for global firms, startups, and universities; as a Lead Engineer for the Government of Canada; and as a researcher for military navigation systems and for life support systems in space. He specializes in working with both startups and enterprise clients to define requirements and explore possible solutions, as well as in leading the development of project architecture, cloud services, and back-end software.