Going Passwordless and Beyond
Facebook Twitter LinkedIn

Going Passwordless and Beyond

Combined Session
Tuesday, September 14, 2021 15:30—16:30
Location: EIC CAFÉ

FIDO for Developers - How Developers Can Master FIDO and Passwordless Authentication Without Adding Unnecessary Complexity.

The paradox of simplicity is that making things simpler is hard work. - Bill Jensen

 Building strong passwordless authentication from scratch can be very time-consuming. Integrating the necessary infrastructure into a typical password-centric identity code base increases code complexity exponentially. Taking into consideration that well-known user flows have to be changed and enhanced with new authentication options may also pose significant challenges for developers. They have to get it right - and make it as simple as possible for the end user.

 In this talk, we highlight possible pitfalls and necessary considerations when implementing passwordless FIDO and WebAuthn protocols. You will recognize how a cloud-native approach can simplify the integration of passwordless authentication and smoothen the requirements for developers and product owners of any online service. You’ll also learn how to gradually migrate existing users to the new authentication methods in a frictionless manner.

Join us to explore three possible abstraction layers we’ve identified to take the complexity away when dealing with FIDO and passwordless multi-factor authentication. Ranging from utilizing a managed FIDO API and SDKs up to a fully-fledged passwordless-native identity provider that can be integrated with OpenID Connect. We also will share some secrets on useful extensions of the FIDO standards we’ve identified when building our passwordless user experiences.


Felix Magedanz
Felix Magedanz
Felix Magedanz is the founder and CEO of FIDO Alliance member company Hanko.io, based in Germany. He is an expert for multi-factor and passwordless authentication in consumer-facing applications....

How Biometric Face Verification Enables Effortless IAM in a Zero Trust Environment

Now more than ever, the world is operating online. Governments and enterprises need a way of securely verifying an individual’s identity whilst providing an inclusive and positive customer experience. iProov is a world leader in cloud-based face biometric authentication technology. Our Genuine Presence Assurance™ technology, powered by flashmark, ensures that the individual is: the right person, a real person, and also confirms that they are authenticating right now.

Tom Whitney
Tom Whitney
Tom is an experienced Solutions Consultant, with over 12 years experience working in SaaS pre-sales across Data Analysis, Martech and Regtech industries. Tom leads the global Solutions Consultancy...

Using Hypermedia to Adapt Client-side Login to Go Beyond Passwords

There are various ways that client applications may need to log in when going beyond passwords. With a username and password, client development is easy -- just collect a couple of inputs from the user and match them on the server. When going beyond these though, how can client applications be deployed and maintained in a way that the server still dictates what the client should present and obtain from the user when authenticating them?

In this talk, Travis Spencer, CEO of Curity, will explain how hypermedia can be used to drive the login process in a way that allows for any kind of credential, any number of factors to be used, and other sophisticated measures can be taken which take the client far beyond passwords. He will talk about such an API, present a demo, and highlight some of the security issues and how you can overcome these.

From this talk, attendees will leave with new ideas about how server-driven login can be done safely and in a maintainable manner. In addition, attendees will gain an understanding of hypermedia and how it can be applied to authentication.

Travis Spencer
Travis Spencer
Travis has worked extensively with organizations in various industries in both the US, Europe, and elsewhere who are adopting cloud and mobile computing. His broad market exposure coupled with a...

Four Steps to a Next Generation PAM Solution

Four simple steps to the perfect PAM.

Start by merging your different 'forests' like AD Unix and Linux into your AD. Manage your servers and access world as you have always done in AD.

Define in simple steps 'who' has access to which services. Consolidate all accounts and passwords in one repository with hundreds of features like password hiding and auto password rotation.

If you don't know your password, you can't lose it. There is no easier way to control compliance and access.

Step three is simple: If you have access, what are you allowed to execute. If Ransomware has no rights, very simple, nothing can happen.

And last but not least: What rights do you have within the application? If you want to disable certain functions for user groups without rewriting the application, you are already at level four.

Stefan Schweizer
Stefan Schweizer
Stefan Schweizer is Regional Vice President Sales for the German-speaking region at ThycoticCentrify, a leading provider of Privileged Access Management solutions. In his position, Schweizer has...


On-Demand Access
Re-live EIC 2021
Watch more than 250 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address