Revisiting user registration and authentication

Friday 22.Nov

THEME: SW Craftsmanship

Anyone that has written any kind of App will be faced with the problem of how to register users and authenticate them. But user registration and authentication is boilerplate while implementing your idea. It is not your core domain, but a supporting domain that needs to exist.

So you either implement something very basic or rely on the framework that you use to provide it to you. And while there are a lot of alternative solutions (SSO, OAuth etc), almost always this default build-in authentication mechanism will exist for years to come.

But we can do better! In this talk we will discuss about two cryptographic protocols:

- Proof of Work (PoW) and

- Zero-Knowledge Password Proof (ZKPP),

that can be used to help us with user registration and authentication. Using those protocols we can enhance our authentication mechanism and have a very robust solution, more secure than most available implementations inside frameworks.

Both protocols are not new and are widely used: PoW in cryptocurrencies and ZKPP in password managers, but in this talk we will discuss on how to combine them and strengthen not only the authentication but also our entire solution.

TAGS: #cryptography #authentication #authorization #PoW #proof-of-work #ZKPP #zero-knowledge-password-proof