The paradox of simplicity is that making things simpler is hard work. - Bill Jensen
Building strong passwordless authentication from scratch can be very time-consuming. Integrating the necessary infrastructure into a typical password-centric identity code base sharply increases code complexity. Well-known user flows also have to be changed and enhanced with new authentication options, which poses significant challenges for developers: they have to get it right, and make it as simple as possible for the end user.
In this talk, we highlight possible pitfalls and necessary considerations when implementing the passwordless FIDO and WebAuthn protocols. You will see how a cloud-native approach can simplify the integration of passwordless authentication and ease the requirements on developers and product owners of any online service. You will also learn how to gradually migrate existing users to the new authentication methods in a frictionless manner.
Join us to explore three possible abstraction layers we have identified to take the complexity away when dealing with FIDO and passwordless multi-factor authentication, ranging from a managed FIDO API and SDKs up to a fully-fledged passwordless-native identity provider that can be integrated via OpenID Connect. We will also share some useful extensions of the FIDO standards that we identified while building our passwordless user experiences.
Now more than ever, the world is operating online. Governments and enterprises need a way of securely verifying an individual’s identity whilst providing an inclusive and positive customer experience. iProov is a world leader in cloud-based face biometric authentication technology. Our Genuine Presence Assurance™ technology, powered by flashmark, ensures that the individual is: the right person, a real person, and also confirms that they are authenticating right now.
There are various ways that client applications may need to log in when going beyond passwords. With a username and password, client development is easy -- just collect a couple of inputs from the user and match them on the server. When going beyond these, though, how can client applications be deployed and maintained in a way that lets the server still dictate what the client should present to, and obtain from, the user when authenticating them?
In this talk, Travis Spencer, CEO of Curity, will explain how hypermedia can be used to drive the login process in a way that allows any kind of credential and any number of factors to be used, and that lets other sophisticated measures take the client far beyond passwords. He will describe such an API, present a demo, and highlight some of the security issues and how you can overcome them.
From this talk, attendees will leave with new ideas about how server-driven login can be done safely and in a maintainable manner. In addition, attendees will gain an understanding of hypermedia and how it can be applied to authentication.
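To make the idea of server-driven login concrete, here is an added example that is not part of the talk and is not Curity's API: a toy hypermedia-driven login with the server and client in one file. The server owns the flow and describes each next step (its fields and the link to submit them to), so the client renders whatever it is told and never hard-codes "password, then one-time code". The representation format, the origin `https://idp.example`, the demo account and the `prompt` callback are all assumptions constructed for illustration; the client also enforces the one check a defender would insist on in such a design, namely that it only follows action links on the trusted origin.

```javascript
// Added example (constructed; not Curity's API): hypermedia-driven login.
const ORIGIN = "https://idp.example"; // assumption: the only origin the client trusts

// Constructed demo account; a real server would verify against a credential store.
const USERS = { alice: { password: "correct horse", otp: "123456" } };

// --- server: owns the login sequence and describes the next step ----------
function createAuthServer() {
  const sessions = new Map(); // sid -> { stage, username }
  let counter = 0;

  // Build the representation the client sees for a given stage.
  function represent(sid, stage, problem) {
    const base = `${ORIGIN}/login/${sid}`;
    if (stage === "password") {
      return { type: "authentication-step", problem,
        actions: [{ kind: "form", href: `${base}/password`, method: "POST",
          fields: [{ name: "username", type: "text" }, { name: "password", type: "password" }] }] };
    }
    if (stage === "otp") {
      return { type: "authentication-step", problem,
        actions: [{ kind: "form", href: `${base}/otp`, method: "POST",
          fields: [{ name: "code", type: "text" }] }] };
    }
    // Finished: hand back an authorization code (constructed value).
    return { type: "authorization-response", code: `code-${sid}` };
  }

  return {
    start() {
      const sid = `s${++counter}`;
      sessions.set(sid, { stage: "password", username: null });
      return represent(sid, "password");
    },
    // href is the action link the client was given; fields are the submitted values.
    submit(href, fields) {
      const m = href.match(/^https:\/\/idp\.example\/login\/(s\d+)\/(password|otp)$/);
      if (!m) throw new Error("unknown action");
      const [, sid, action] = m;
      const s = sessions.get(sid);
      // The server, not the client, decides the order of steps.
      if (!s || s.stage !== action) throw new Error("action out of sequence");
      if (action === "password") {
        const u = USERS[fields.username];
        if (!u || u.password !== fields.password) return represent(sid, "password", "invalid credentials");
        s.username = fields.username;
        s.stage = "otp";
        return represent(sid, "otp");
      }
      if (USERS[s.username].otp !== fields.code) return represent(sid, "otp", "invalid code");
      s.stage = "done";
      return represent(sid, "done");
    },
  };
}

// --- client: renders whatever step the server describes --------------------
// `prompt(field, problem)` stands in for the UI and returns the user's value
// for one field. The client has no knowledge of which steps exist.
function runHypermediaLogin(server, prompt, maxRounds = 5) {
  let rep = server.start();
  const trace = [];
  for (let round = 0; round < maxRounds && rep.type === "authentication-step"; round++) {
    const action = rep.actions[0];
    // Only follow action links on the trusted origin, so a hostile or tampered
    // representation cannot steer the user's credentials elsewhere.
    if (!action.href.startsWith(ORIGIN + "/")) throw new Error("action link off-origin: " + action.href);
    const values = {};
    for (const f of action.fields) values[f.name] = prompt(f, rep.problem);
    trace.push(action.href.slice(ORIGIN.length));
    rep = server.submit(action.href, values);
  }
  return { result: rep, trace };
}

// Usage: drive a full login with a scripted "user".
const answers = { username: "alice", password: "correct horse", code: "123456" };
const outcome = runHypermediaLogin(createAuthServer(), (f) => answers[f.name]);
console.log(outcome.trace, outcome.result.type);
```

Adding a third factor, or swapping the one-time code for a FIDO step, is then a server-side change: it emits a different action description and the client renders it, which is the maintainability gain the talk is about. The `maxRounds` bound keeps a misbehaving server from looping the client forever.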
Four simple steps to the perfect PAM.
Start by merging your different 'forests', such as separate AD, Unix and Linux identity stores, into your AD. Then manage your servers and access as you have always done in AD.
Define in simple steps 'who' has access to which services. Consolidate all accounts and passwords in one repository with features such as password hiding and automatic password rotation.
If you don't know your password, you can't lose it. There is no easier way to control compliance and access.
Step three is simple: if you have access, what are you allowed to execute? If ransomware has no rights, very simply, nothing can happen.
And last but not least: what rights do you have within the application? If you want to disable certain functions for user groups without rewriting the application, you are already at level four.