Explore passwordless cloud infrastructure in this NDC London 2023 conference talk. Learn about the current state of passwordless systems, including support from major players like Microsoft, Google, Okta, and AWS Cognito. Discover the security risks associated with internal password and token sharing among developers. Gain insights into FIDO and FIDO2 standards, and explore options for improving security designs. Examine a case study of a sample passwordless infrastructure stack and receive guidance on selecting vendors and development tools to enhance security posture. Delve into topics such as password managers, authentication factors, FIDO adoption, and core principles of identity management. Acquire valuable knowledge to build a more secure and efficient cloud infrastructure without relying on traditional passwords.
NOPASSWD - Building a Passwordless Cloud Infrastructure
Overview
Syllabus
Intro
What Is a Password?
Password Managers
Locally stored, never rotated
Simple Passwords + Brute Force
Authentication Factors
Passwordless Auth Technologies
FIDO Adoption
Adoption for End-Users
Code Repositories, CI/CD Configuration
Core Principles
Identity Manager
Passwordless Architecture
Selecting Vendors
When there's no other option...
Taught by
NDC Conferences
