JSFoo 2019

On component architecture, front-end engineering and Developer Experience (DX)


Passwords are so 1990

Submitted by Sam Bellen (@sambego) on Thursday, 2 May 2019

Section: Full talk (40 mins) Technical level: Beginner Session type: Lecture Status: Under evaluation


As long as we’ve been using the internet, and way before that, we have been authenticating through some sort of username and password combination. It has become the standard. With the ever increasing number of web-apps, we’re seeing more and more data breaches as well. What if we could build our authentication processes in a way the user doesn’t need a password?


In this talk I will give a quick overview of the past, present and future of authentication. From basic authentication to passwordless biometric authentication using the web authentication API, and everything in between. The audience does not need any specific knowledge as this talk will not go into implementation details, but aims to give a view of what’s to come in terms of authentication.


Passwords are so 1990

Speaker bio

I’m Google Developer Expert who works as a Developer Evangelist at Auth0. At Auth0 we’re trying to make authentication and identification as easy as possible, while still keeping it secure.

After office hours I like to play around with the web-audio API, and other “exotic” browser API’s. One of my side projects is a library to add audio effects to an audio input using JavaScript.

When I’m not behind a computer, you can me find playing the guitar, having a beer at a concert, or trying to snap the next perfect picture.



Preview video



  •   Abhishek Balaji (@booleanbalaji) Reviewer 10 months ago

    Hi Sam,

    Thank you for submitting a proposal. I have a few questions regarding your proposal.

    1. Who is the intended audience for the talk? The audience at JSFoo would be mostly folks with 2-3 years of experience working professionally and they’d already be aware of authentication methods.
    2. What is the one key takeaway for someone sitting in the audience?
    3. What are the alternatives to Auth0’s solutions? Are there existing solutions? Why did Auth0 build this solution?

    We need to see more detailed slides which cover the following aspects:

    • Problem statement/context, which the audience can relate to and understand. The problem statement has to be a problem (based on this context) that can be generalized for all.
    • What were the tools/frameworks available in the market to solve this problem? How did you evaluate these, and what metrics did you use for the evaluation? Why did you pick the option that you did?
    • Explain how the situation was before the solution you picked/built and how it changed after implementing the solution you picked and built? Show before-after scenario comparisons & metrics.
    • What compromises/trade-offs did you have to make in this process?
    • What is the one takeaway that you want participants to go back with at the end of this talk? What is it that participants should learn/be cautious about when solving similar problems?

    We need your updated slides and preview video by 28 May to evaluate your proposal. If we do not receive an update, we’d be moving your proposal for evaluation under a future event.

  •   Sam Bellen (@sambego) Proposer 10 months ago

    Hey Abhishek

    While the talk does not require any previous knowledge of the topic, it is not aimed at the beginner developer. The matter handled in this talk is around authentication and security which are some advanced topics. Some knowledge of private/public keys and how they work, as well as traditional ways to do authentication are certainly a usefull piece of knowledge to follow along with the talk, but not strictly necessary.

    The main key takeaway is that there is a new browser API available in all major browsers, the webauthentication API. This API enables a key based authentication istead of the more traditional password based authentication. The API became an official W3C spec in March this year, so it’s fresh for most people. https://www.w3.org/TR/webauthn/
    A key based approach is a much safer way to handle authentication on the web and can elliminate the weakest link in this process, the password.

    While the talk handles passwordless authentication in all it’s forms, it’s a build-up to this new piece of technology.

    Just to be clear, this is not something we build at Auth0, but an industry standard we support implemented by browser vendors. This talk will not cover any feature of Auth0, except our educational website which illustrate how the API works. https://webauthn.me

    An older version of the slides can be found here: https://www.slideshare.net/SamBellen/passwords-are-so-1990

    I’m in the works of rewriting the whole talk and slides so I can not provide a newer version at the moment.


Login with Twitter or Google to leave a comment