Forgot Password? Yes I Did!

1. FORGOT PASSWORD? YES I DID! AN INTRO TO PASSWORDLESS AUTHENTICATION

2. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ABOUT ME @joel__lord joellord

3. PASSWORDS ARE BAD

4. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! PASSWORDS ARE BAD ▸ Help desk costs ▸ Technology acquisition costs ▸ Management and operations costs

5. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! PASSWORDS ARE BAD ▸ 2,6G data records compromised in 2017

6. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! PASSWORDS ARE BAD ▸ 2,6G data records compromised in 2017 ▸ https://breachlevelindex.com

7. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! PASSWORDS ARE BAD ▸ More computing power === easier cracking ▸ More social media presence === easier social engineering ▸ Users will always be your weakest link

8. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! PASSWORDS ARE BAD ▸ 23% of users admit having only one password ▸ More than 60% of users use at least two devices everyday ▸ We all hate passwords!

9. @joel__lord #BocaJS

13. WHAT CAN YOU DO?

14. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! WHAT CAN WE DO? ▸ Use best practices

15. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! OAUTH - IMPLICIT FLOW

16. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! OAUTH - IMPLICIT FLOW ⛔

23. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! WHAT CAN WE DO? ▸ Use best practices ▸ Delegate

24. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! WHAT CAN WE DO? ▸ Use best practices ▸ Delegate ▸ MFA

25. FORGET PASSWORDS

26. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! FORGET PASSWORDS ▸ Avoid reusing passwords

27. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! FORGET PASSWORDS ▸ Avoid reusing passwords ▸ Use a password manager

28. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ALTERNATIVES ▸ WebAuthn

31. DEAR DEMO GODS, PLEASE LET THIS WORK WEBAUTHN DEMO Demo src: https://webauthn.me/

33. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ALTERNATIVES ▸ WebAuthn ▸ Biometrics

34. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! BIOMETRICS https://www.microsoft.com/en-us/research/wp-content/uploads/2008/10/ECCV_CAT_PROC.pdf

35. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! BIOMETRICS https://www.microsoft.com/en-us/research/wp-content/uploads/2008/10/ECCV_CAT_PROC.pdf

36. DEAR DEMO GODS, PLEASE LET THIS WORK BIOMETRICS DEMO Demo src: https://voiceit.io/

37. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ALTERNATIVES ▸ WebAuthn ▸ Biometrics

38. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ALTERNATIVES ▸ WebAuthn ▸ Biometrics ▸ Magic Links

39. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ALTERNATIVES ▸ WebAuthn ▸ Biometrics ▸ Magic Links

40. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! MAGIC LINKS (POST /AUTHORIZE)

45. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! MAGIC LINKS (GET /LOGIN/{MAGICLINK})

50. DEAR DEMO GODS, PLEASE LET THIS WORK MAGIC LINK DEMO Demo src: https://github.com/joellord/secure-spa-auth0/

51. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! ALTERNATIVES ▸ Yubikeys ▸ Biometrics ▸ Magic Links

52. FUTURE OF IDENTITY MANAGEMENT

53. @joel__lord #BocaJS FORGOT PASSWORD? YES I DID! RESOURCES ▸ OAuth & Open ID Connect ▸ http://bit.ly/oauth-talk ▸ JWTs ▸ https://jwt.io ▸ WebAuthn ▸ http://bit.ly/webauthn-demo ▸ VoiceIt integration with Auth0 ▸ http://bit.ly/auth0-voiceit

54. @joel__lord joellord FORGOT PASSWORD? YES I DID! BocaJS March 5th, 2019 THANK YOU !

55. TEXT

56. TEXT

Forgot Password? Yes I Did!

Joel Lord

Forgot Password? Yes I Did!