Password-Based Authentication Strategies

Presented by Eric Mann (@EricMann)

October 17, 2019

The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, leveraging the technique both from native PHP and a JavaScript client-side implementation.

By the end of this session, you will have learned:

• How to advise your customers on password strength
• How to enforce that users are choosing strong passwords
• How to protect your application from brute-force bypass attempts
• How to securely authenticate a user without ever seeing their password

About Eric
Eric is a technical leader and software polyglot with over a decade of experience working on projects big and small. He leads data-based initiatives at Vacasa, working with both data science and data engineering to optimize business workflows and innovate on technical implementations to drive the team towards the future.



sherriw - 1 year ago
Great talk.
Curious how you would accomplish the Libsodium key-based auth where you never see the password... if your client isn't in PHP. Say from a browser... you'd need the client-side code in JavaScript.

