What the @#!? is Auth
from CTO and Security Specialist @ Authress (Switzerland)
About speaker
Warren focuses on technology that helps teams automate security implementations. He has journeyed through many different locations, technologies, and industries from Health Care IT in Wisconsin to E-Commerce in Switzerland.
About speakers company
Authress provides the complete authentication and authorization solution to easily drop into the software you're building. It enables login integration, fine grained control over permissions, api keys as a service, secure identities, and everything else to solve identity for your application control plane. We've been building Authress for over 6 years in Switzerland, and have a very dedicated team focused on security and convenience.
Abstracts
Authentication remains a complicated yet critical aspect of application security. In this talk, I'll demystify the core concepts, diving into access tokens, refresh tokens, and browser security mechanisms like WebAuthn for hardware-based authentication.
Additionally, I'll explore techniques such as session handling, revocation strategies, silent authentication for improved security UX, and the usage scopes for controlling access granularity, and common pitfalls associated with each.
Finally, I'll delve into JSON Web Tokens (JWTs), the use of EdDSA signatures for enhanced security and performance, as well as the common pitfalls that seasoned pro and newcomer alike struggle with when it comes to auth. Here I hope to equip everyone with some additional knowledge to navigate its complexities and build secure, user-friendly systems.
The talk was accepted to the conference program
other talks of this topic
Ambesh Singh
Visionet Systems Deutschland
Vladislav Shpilevoy
Senior Developer at VirtualMinds
