Your users' experience during account creation and login is one of the first and most important ways they interact with your web site. Passwords are by far the most common authentication factor, but they are extremely unfriendly for users: good passwords are hard to remember, and bad passwords are easy to guess. In this talk, we will explain the trade-offs among various types of authentication: passwords, mobile login, social login, two-factor auth, single sign-on, SAML, and OAuth. Finally, we'll discuss the impact these choices have on your development process and your users.
This talk is presented by Isaac Potoczny-Jones, a security researcher with Galois, Inc. and one of the principals behind Tozny.com, which provides, as he puts it, "state of the art identity management" that combines "security and usability" through their API, smartphone applications, and WordPress plugin.