
Eli Holderness
Eli is a software engineer, conference speaker, and professional problem-solver who works at the Bennett Institute as a research software advocate. They spend their work time making researchers’ lives easier with code and documentation, and by connecting them with the right knowledge. They spend their non-work time knitting, travelling, and catching up on their functionally-infinite reading list.
Research Software Advocate @ Bennett Institute
You Shall Not Password: Modern Authentication for Web Apps
Session Type: Talk
Once upon a time, your users would log into a web service with a username and password. But now we've got a bewildering array of options - SSO, MFA, passwordless, and more. Learn how to keep your users safe as we discuss the good, the bad and the ugly of modern authentication mechanisms for the Web.
In the good old days, your users would log into a web app with a username and password. But now people expect an alphabet soup of SSO, 2FA, OAuth, OIDC, SAML, FIDO2, OTP... What do they all mean - and why do they matter? Why is central authentication useful? What does two-factor authentication really protect us from, and what's still wide open? How can you decide whether or not to trust an identity provider to keep your and your users' secrets? Learn how to keep your users safe as we discuss the good, the bad and the ugly of modern authentication mechanisms for the Web.
This talk is aimed at anyone passingly familiar with web development, with an interest in security, or who simply wants to know what’s really going on when you ‘sign in with Google’.