
You Shall Not Password: Modern Authentication for Web Apps


In the good old days, your users would log into a web app with a username and password. But now people expect an alphabet soup of SSO, 2FA, OAuth, OIDC, SAML, FIDO2, OTP… What do they all mean - and why do they matter? Why is central authentication useful? What does two-factor authentication really protect us from, and what’s still wide open? Learn how to keep your users safe as we discuss the good, the bad and the ugly of modern authentication mechanisms for the Web.

We’ll cover what authentication is, common ways of doing it, and common pitfalls. We’ll also cover what makes a web authentication system good, and whether that’s distinct from whether it’s secure (spoiler alert: it is!). Attendees will come away with a sense of what the authentication landscape looks like for modern web apps and why, and a few weird industry factoids to share at dinner parties.

This talk is aimed at anyone passingly familiar with web development, with an interest in security, or who simply wants to know what’s really going on when you ‘sign in with Google.’

#PWC2022 attracted nearly 375 attendees from 36 countries and 21 time zones, making it the biggest and best year yet. The highly engaging format featured 90 speakers, 6 tracks (including 80 talks and 4 tutorials) and took place virtually on March 21-25, 2022 on LoudSwarm by Six Feet Up.

More information about the conference can be found at:

