Passwords suck. They're often weak and reused, making them one of the least secure parts of web applications. This is such a problem that entire industries of password managers and two-factor authentication products have popped up as extra layers of security. To really address this issue and make our users and products more secure, we need a more fundamental change.
3:45 p.m.–4:15 p.m.
The problem with passwords
Flaws in how passwords are used today
Some real-life examples of how passwords fail us
Past attempts to fix this (and their issues)
SSL/TLS client certificates
Single sign-on providers
Better approaches (and their implementations)
Magic links (email-based authentication)
Putting it all together
A quick tour of the py_webauthn library
Building a custom Django authentication workflow with these concepts
Pros and cons
Advantages over conventional password-based authentication
Barriers to implementing this today and how to overcome them
Jon Banafato is a Python developer and event organizer living in NYC. He would love to see you attend PyGotham.