SecAppDev 2023 lecture details

Analysis of authentication: deciding on "good enough"

In this session, we start by threat modeling an authentication system. We analyze the risks of secret-based authentication and guide you in building usable password policies. We'll dive into the math, and investigate secure password storage.

Tuesday June 13th, 09:00 - 10:30
Room West Wing
Download handouts
Abstract

There are many different ways to implement user authentication. Typically we would want multiple factors of strong authentication, but how do we know if it's strong enough? And are there any disadvantages of making authentication too strong?

In this session, we dive into the most common form of user authentication: passwords. We will answer the question of "good enough" by investigating how passwords are broken, misused, and abused. We also explore how password-based authentication should be implemented, and provide actionable advice on balancing the trade-off between security and usability.

Key takeaway

Analyze the security of user authentication, make the right trade-offs, and strengthen the security of password-based authentication

Content level

Deep-dive

Target audience

Developers, dev leads, appsec engineers, security champions

Prerequisites

Experience with using passwords

Join us for SecAppDev. You will not regret it!

Grab your seat now
Avi Douglen
Avi Douglen

CEO, Bounce Security

Expertise: Product security, security processes, security tools, and threat modeling

More details

Join us for SecAppDev. You will not regret it!

Grab your seat now

Related lectures

SecAppDev offers the most in-depth content you will find in a conference setting

Grab your seat now