Taking the Pain Out of Passwords and Authentication

Explore password security and authentication innovations in this EuroPython Conference talk. Delve into research-backed techniques for improving password system usability and mitigating shortcomings. Learn about the Universal Authentication Framework (UAF) and Universal Second Factor (U2F) standards, understanding how they streamline authentication processes and potentially eliminate passwords. Discover integration methods for UAF/U2F in Django and other Python frameworks. Gain insights into the current support status for UAF & U2F across browsers, devices, and the wider tech ecosystem. Enhance your understanding of modern authentication practices and their implementation in Python-based systems.

Intro
Servers suck at passwords Your password must satisfy the following rules
Passwords are the least worst Passwords
Mitigations: Password permute Passwords that you characters are easier to type on mobile
Encourage strong passwords Provide strength feedback as the user types
Allow users to see their password
fido
UAF - Universal Authentication Framework
Registering: server Server generates a challenge
Registering browser Javascript relays the challenge to the device
Registering: browser Javascript relays the challenge to the device
Registration: server Verify the response against the challenge
Authentication server Verify the password, then generate a challenge
Authentication: browser Javascript sends the challenge to the device
Authentication: verify the response
More info