Thursday 

Room 2 

16:20 - 17:20 

(UTC+01

Talk (60 min)

Passwords are Dead, Long live Passkeys!

Authentication is hard! Passwords are guessable, while SMS and app-based multi-factor authentication can be compromised. Even the promise of hardware tokens comes at a cost, being easy to lose and/or forget. Unfortunately, as developers, we're stuck trying to solve this difficult problem: how to make authentication work without putting our users at risk. Every option appears to have downsides... but there is hope!

Application Security
Privacy
Programming
Security Tooling

Passkeys are a new authentication technology that uses cryptography within the web browser to securely identify and authenticate users, automatically syncing across devices, to entirely eliminate the need for passwords. It's like magic! We'll learn what they are, how they work, and why they are (virtually) unhackable. Your users will love a simplified login flow, and you'll stop worrying about account takeovers.

Stephen Rees-Carter

Stephen is a security consultant and crusted-on PHP developer who spends his days doing Laravel Security Audits and Penetration Tests. When he’s not trying to hack his client’s websites, he teaches Laravel developers about security concepts through his Laravel Security in Depth mailing list. Stephen’s idea of fun is spending a year cleaning infected WordPress sites and picking locks.