Talk in English - US at php[tek] 2019
Track Name: Security
View Slides: https://speakerdeck.com/ericmann/you-shall-maybe-pass
Short URL: https://joind.in/talk/8906d
The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, leveraging the technique both from native PHP and a JavaScript client-side implementation.
By the end of this session, you will have learned:
How to advise your customers on password strength
How to enforce that users are leveraging strong passwords
How to protect your application from brute-force bypass attempts
How to securely authenticate a user without ever seeing their password
Comments
A very in-depth session on PHP password security. You could really tell that the speaker knew what he was talking about.
Tons of good info on passwords.