One of the things that developers often leave until last when pushing out code is security. The number of support requests I get on implementing APIs on PHP versions that were end of life 2+ years ago alone tells me we still neglect security.

You have hashed passwords, fine. What about more modern application auth? Well, some people might already be using two-factor authentication with SMS. BUT... have you heard of Silent Authentication? Ever tried a YubiKey integration? In this session, we'll revisit security to open new doors you might have missed.

Comments

Chris Jones at 09:45 on 21 May 2025

An excellent overview of modern authentication with a good balance of code examples and exposition.

Very thorough. Going to try out Bitwarden.

Joseph Lavin at 10:04 on 21 May 2025

5 stars for the jokes.

Andrew Easton at 13:09 on 21 May 2025

Good talk about 2FA, multifactor, and WebAuthn. However, the talk title was very misleading as to what the talk was about.

This was a great talk by Chuck that went over different MFA strategies and gave quick but practical demos as to how basic setup and login flows could be implemented with each strategy. Gave a well-explained overview of some of the structure and standards that go into OTPs and WebAuthn as well as a brief look at "silent auth".

s w at 22:24 on 22 May 2025

Chuck was brilliant and funny. His knowledge of the subject matter was evident.