One of the things that developers often leave last when pushing out code is security. The number of support requests alone that I get on implementing APIs on PHP versions that were end of life 2+ years ago tells me we still neglect security.

You have hashed passwords, fine. What about more modern application auth? Well, some people might already be using two-factor authentication with SMS. BUT... have you heard of Silent Authentication? Ever tried a YubiKey integration? In this session, we'll revisit security to open new doors you might have missed.

Comments

This helpful talk gave a good overview on the different 2FA methods and how to use them. Thank you!

Mike Lehan at 10:51 on 24 Oct 2025

Solid talk, interesting to see the different options and the demos worked well. Seeing the code for the WebAuthn flow was good, the YubiKey is interesting and it's clearly quite complex in terms of the order of encryption options. It would be cool to get a clearer idea of what's happening in the interaction between the key and the device - e.g. how does one use it with their phone if you can't plug a USB in.

Wun Chiou at 10:56 on 24 Oct 2025

Really liked seeing the WebAuthn example, and the dad jokes. Maybe consider presentation text size ahead of time for both code and slides.

I was familiar with the first two methods, but really appreciated learning more about WebAuthn. As a dad myself, I fully approve of the dad-joke-to-slide ratio. Clear and helpful presentation with plenty of useful info. Definitely a presentation worth hashing over again.

A very interesting talk on how to implement lots of different MFA scenarios in PHP from the ground up. But, it's a lot of work and I don't know why I wouldn't just find a plugin like [0]? It even mentions RobThree/TwoFactorAuth in the first sentence.

[0]: https://github.com/andrej-griniuk/cakephp-two-factor-auth