Passwords are bad. We all know it, but we also know you’re not going to build a service that doesn’t use them - not if you like paying the rent. However, we can do a lot better. We’ll take a whirlwind tour through the aspects of connecting people to your service, from generating passwords, not using passwords at all, creating users with one tap, identity providers, automatic cross-device sign-in, and password managers. Sign-in should be simple.


Comments are closed.

Liam Wiltshire at 16:14 on 10 Jun 2017

A brilliant talk! Really interesting figures and good examples of what we should be doing.

Mark Railton at 16:35 on 10 Jun 2017

In general was a good talk however felt aimed at pointing people to the google eco-system.

Katy Ereira at 20:27 on 10 Jun 2017

Smashed it, Rowan. I loved your talk. Pacing was good, style was good, information was good. I learned and laughed at the same time. Thank you! :D

Tim Stamp at 21:13 on 10 Jun 2017

Could have had more PHP-related examples ? #troll

Nice in-depth introduction to some new "wants-to-be-mainstream" JS/browser auth features in the "good" browsers ?

Chris Emerson at 22:38 on 10 Jun 2017

Really enjoyable presentation - some great ideas to think about in terms of supporting password managers (even if just the built-in browser one), managing identities across different applications and devices and more.

Peter Fisher at 23:26 on 10 Jun 2017

Fun presentation - Yes Google Plus is still a thing!
Very insightful talk on security and passwords.
I really liked the execution of this talk and learnt a lot from it.

Chris Sherry at 12:17 on 11 Jun 2017

This was my second time seeing Rowan talk and he is fast becoming one of my favourite speakers. Great enthusiam for the subject and builds a really nice narrative around his talks.

This talk was always going to be focused around Google and the innovations they are making, but Rowan did a very good job of remaining unbiased and sidestepping some awkwardness when it came to products that do not have these features.

I also liked that he invited questions from the audience throughout the talk - when managed well like this, it can make a big difference to the experience.

The takeaways from this talk have helped with my understanding of the state of play at the moment with these technologies.

Lee Stone at 12:41 on 11 Jun 2017

A great talk, really well presented and with a number of take aways which I want to act on straight away (possibly not going to quite achieve that todo list by Wednesday!). It was all presented in an entertaining and relaxed way which helps make the talk really enjoyable.
I did feel it was a little too Google specific - there wasn't too much about how this might work for people who don't use chrome, although this is probably hampered by the somewhat limited support elsewhere.

Lee Boynton at 19:38 on 11 Jun 2017

The talk was definitely very Chrome oriented, it would have been nice to hear a little more about the support in Firefox and Edge.

It was good to hear about how the autocomplete functionality works and how you can automatically sign users in across devices.

I enjoyed the audience interaction, even if I didn't put my hand up when asked if the audience did. :)

Thanks Rowan!

Gary Jones at 00:41 on 12 Jun 2017

Polished presentation. I came in late, so probably missed the bit that Rowan (presumably) works for Google, but that became evident throughout the talk. Good humour, audience participation, well-explained opinions.

The Google Smart Lock seemed to be a new feature (I'd only just started seeing it on my phone and desktop), but my password manager of choice has allowed me to save credentials on one device, and then use them to auto-login on that and other devices and platforms, for web and apps, for a year or two, so the Smart Lock examples felt somewhat redundant to me.

I'd like to see the title of the talk changed though - I almost didn't come and see it, as the title doesn't convey to me, what the talk was actually about.

Daniel Platt at 09:32 on 12 Jun 2017

Good talk.

Wouldn't seem like a Google talk, if the other browsers would catchup.

Naomi Gotts at 19:47 on 12 Jun 2017

Insightful talk - some really great slides and stats describing user experiences.

Mark Dain at 21:08 on 12 Jun 2017

Brilliant talk, thank you - it was great!

To expand on some other people's points about it feeling too Google orientated, I'd suggest pointing out more that navigator.credentials is a W3C standard - so mentioning Firefox & Edge more might help. Much of the magic happens through Chrome password syncing, but assuming Safari supported the standard, iCloud Keychain would play an important role; explaining that and helping people separate the two concepts (e.g. Firefox Sync also helps this to work) might be good too.

Great talk. Well-paced, engaging with the audience and both entertaining and informative. A great talk to have at the end of the second day. Thanks!

Marcus Deglos at 19:24 on 18 Jun 2017

A super, engaging talk from a polished expert. It was really useful to hear about some of the new identity tools making their way into browsers, and how identity-management is starting to merge across web and native applications. It's always great to come away from a talk with inspiration, and there's a lot from this that I intend to implement across my projects. Look forward to seeing some of the newer standards get more widespread support!