Going Passwordless
By Jon Banafato

Passwords suck. They're often weak and reused, making them one of the least secure parts of web applications. This is such a problem that entire industries of password managers and two-factor authentication products have popped up as extra layers of security. To really address this issue and make our users and products more secure, we need a more fundamental change.

Saturday 3:45 p.m.–4:15 p.m. in Cartoon 1

  • The problem with passwords
    • Flaws in how passwords are used today
    • Some real-life examples of how passwords fail us
  • Past attempts to fix this (and their issues)
    • SSL/TLS client certificates
    • Single sign-on providers
    • Biometrics
  • Better approaches (and their implementations)
    • Magic links (email-based authentication)
    • Hardware tokens
    • WebAuthn
  • Putting it all together
    • A quick tour of the py_webauthn library
    • Building a custom Django authentication workflow with these concepts
  • Pros and cons
    • Advantages over conventional password-based authentication
    • Barriers to implementing this today and how to overcome them
  • Conclusion

Jon Banafato

Jon Banafato is a Python developer and event organizer living in NYC. He would love to see you attend PyGotham.