JSFoo 2013

All about being creative with JavaScript

Killing passwords with JavaScript

Submitted by Francois Marier (@fmarier) on Jul 22, 2013

Section: Full talk
Technical level: Intermediate
Status: Confirmed & scheduled

Abstract

Attendees will understand why asking users for passwords is a bad idea and they will learn the basics of the BrowserID protocol so that they can take advantage of Persona on their own sites or webapps.

Outline

The year is 2013. Sites are getting owned left and right. Password databases are leaked for the lulz. You look at the hashed passwords in your database and hope your site's not gonna be next.

As with most other problems on the web, the answer, it turns out, is JavaScript. As a wise man once said: "When in doubt, always bet on JavaScript."

Mozilla is working on a new cross-browser login system for the web that's built entirely in JavaScript. Powered by node.js on the backend, it pushes most of the crypto to the browser in order to create a secure and privacy-respecting experience.

All you need to get started is an email address and a handful of JavaScript. No passwords to hash, no confirmation emails to send, nothing to install. Welcome to the future.

Speaker bio

François is a software engineer on the Mozilla Identity team where he fights for the open Web by building alternatives to centralised proprietary silos.

A long-time Debian developer, François has been involved in Open Source for over 10 years and regularly contributes to several projects. He also volunteers for the Free Software Foundation and leads the development of Libravatar.org.
