Tuesday, May 10, 2022

Getting Past the Password
Julianna Lamb
Stytch, Co-founder and CTO

Any company doing business on the internet needs to authenticate its users. As the number of online accounts that each user needs to access has increased, the pains of password-based authentication have reached a tipping point.

Passwords create problems both from a user experience perspective and a security perspective. From a user experience perspective, it is cumbersome to manage dozens if not hundreds of passwords for various accounts. From a security perspective, users end up cutting corners and reusing the same passwords across many of their online accounts. When one of those passwords is breached, then every other account using that same password is susceptible to an account takeover attack.

Passwordless authentication enables frictionless user experiences and an increased security posture, but choosing among the myriad authentication options can be incredibly confusing. Passwordless can mean many different things, such as email-based verification like a magic link, SMS one-time passcodes, biometrics, hardware keys, and SSO.

This session would discuss how to navigate the transition to a passwordless future. The session would discuss:
- Why passwords have to go.
- How to simultaneously increase conversion and decrease security risks.
- How to match your business needs to passwordless authentication options.
- When to choose email magic links, SMS one-time passcodes, WebAuthn (TouchID/FaceID and YubiKey support), OAuth, and multifactor flows, or use a combination of these methods.
- The present (and future) of biometric authentication.