Secure Authentication for the Web

Arne Blankerts | The Online PHP Conference

Securely storing credentials is not easy, as proven by the fact that hardly a day goes by without a company admitting they had a security breach and login credentials got stolen. So maybe we should not have them store passwords to begin with! WebAuthn, the W3C Standard for secure and phishing-proof logins, aims for nothing less than to revolutionize authentication on the web. Already supported by all major browsers, it can be used as an alternative to TOTP tokens for a secure second factor that can even replace passwords altogether. In this workshop we will modernize an existing PHP application with a rather traditional login to use a secure second factor for authentication, retire the need for passwords and protect it against all sorts of attacks. Join us in our quest to make stolen credentials a thing of the past!

This is an interactive live coding workshop in mob-programming style with the presenter's screen shared. You will not write code on your own computer.