Over the past few years, cryptographic engineers have worked towards safer APIs and primitives. Today, developers have access to a set of tools that are relatively straightforward to use and unlikely to get them in trouble. Latacora likes to call these "Cryptographic Right Answers": they're the things we like to hear when a company describes how their cryptographic designs work. We're not out of the woods yet: people don't always choose those right answers, and companies are often bound by bad calls they made years ago. This talk walks through some of the common dangerous, discredited or otherwise bad ideas using popular protocols and designs as examples. By learning to recognize problematic patterns, you can make better decisions tomorrow.
Join this session to get an update on Okta's latest developer tools and resources: Okta Sign-in Widget, integrations, and developer documentation. Learn about our client-side, server-side, and mobile SDKs, and when to use each tool. Then, get a sneak preview of our roadmap to further enhance the developer experience.
Does WebAuthn Signal the End of Passwords for Browsers?
Passwords have been the de facto standard for authentication for the last 40 years, but end users hate them. Not to mention they aren't considered safe anymore - 81% of hacking-related account breaches leveraged weak or stolen passwords. While password + 2FA is a recommended approach by NIST, 2FA may still be hackable. WebAuthn promises a safer, phishing-resistant protocol and easier authentication standard for web applications. But can it live up to its hype? Join this session to learn about WebAuthn and understand how you can build strong auth with WebAuthn into your applications.
OAuth: When Things Go Wrong!
Aaron Parecki, Senior Developer Advocate, Okta
In this talk you'll learn about many common security threats you will encounter when building microservices using OAuth, as well as how to protect yourself against them. We'll talk about a few recent high-profile API security breaches and how they relate to OAuth. The talk will cover common implementation patterns for mobile apps, browser-based apps and traditional web server apps, and how to secure each. We'll also cover the latest best practices around OAuth security being developed at the IETF OAuth working group.
Migrating Users to Okta - a Piece of Cake!
Rocco Martin, Solution Architect, Umpqua Bank
Jyotsna Raghunathan, Senior Technical Consultant, Okta
James Flores, Product Marketing Manager, Okta
So, you're excited about the prospect of upgrading your identity provider to Okta... but you have concerns around migrating your user store from a legacy database or an existing identity provider. How do you move millions of user accounts from one backend to another while minimizing potential disruptions to end user experiences, such as requiring users to reset their passwords? In this session, we'll examine key design considerations in planning for a migration, consider various migration options including the bulk import and "just-in-time" methods, and discuss the pros and cons of each approach. We've also invited Rocco Martin of Umpqua Bank to share their user migration story.
Keeping Mobile Secure
Hans Reichenbach, Staff Software Engineer, Okta
Have you ever built a new mobile app and wondered where to put all those little secrets that pop out of flows like OIDC or OAuth? Or, have you been nervous about hackers targeting your app to get at your customer data? You should attend this talk! One of Okta's top mobile developers will share all the tips and tricks for making sure that secrets stay a secret within your mobile apps.
Adapting with the Times: Building an App Marketplace
Kenn Bryant, Director, Architecture & SaaS Services, Pitney Bowes Inc
Zahid Ahmed, Chief Architect, SMB IoT & Commerce, Pitney Bowes Inc
Keith Casey, API Problem Solver, Okta
While most companies see APIs as the goal, Pitney Bowes sees them as the beginning. Over the last few years, we’ve changed our mindset, our processes, and our approach to how customers and partners consume our services. While it started with APIs for partner integrations, simple, secure APIs have enabled partners, accelerated internal development, and created the foundation of our new App Marketplace powered by Google Cloud and Okta. This session includes an overview, technical architecture, some of the technical challenges, and will close with a short demo of our live system.