The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, leveraging the technique both from native PHP and a JavaScript client-side implementation.

By the end of this session, you will have learned:

How to advise your customers on password strength
How to enforce users are leveraging strong passwords
How to protect your application from brute-force bypass attempts
How to securely authenticate a user without ever seeing their password


Comments are closed.

A very in-depth session on PHP password security. You could really tell that the speaker knew what he was talking about.

David Sutphin at 21:04 on 23 May 2019

Tons of good info on passwords.