Static credentials of all kinds (passwords, permanent tokens, SSH keys, …) are a major hazard in IT. A lot of engineering effort goes into managing secrets securely, and still companies utterly fail in this area (see “Instagram’s Million Dollar Bug”).
It is essential to eradicate such static credentials wherever possible. Digital identities, access control lists and trust relationships are the modern tools that make our services secure and our lives as engineers easy.
Come and learn from practical examples and specific recommendations for on-premise data centers, desktops and cloud environments that you can use right away at home and at work. Practical examples include AWS identity integration for Kubernetes and for GitLab CI.
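To make the GitLab CI example concrete: a CI job requests a short-lived OIDC ID token with the `id_tokens:` keyword and exchanges it for temporary AWS credentials via `aws sts assume-role-with-web-identity`; no static access key is stored anywhere. What makes or breaks this design is the IAM role's trust policy, which must pin the token's `aud` and `sub` claims to exactly the pipeline that is allowed to assume the role. The following is an added illustration, not material from the talk, that simulates offline how such a trust policy is evaluated against the claims of a GitLab CI token, with a correctly pinned policy beside a dangerously loose one. The GitLab host `gitlab.example.com`, the account ID, the project path `platform/payments`, the audience URL and all sample claims are assumptions constructed for the example.

```python
"""Offline simulation of an AWS IAM role trust policy for GitLab CI OIDC tokens.

Added example: mirrors the StringEquals / StringLike checks that STS applies to
the token's claims on sts:AssumeRoleWithWebIdentity. All hosts, IDs, project
paths and claim values below are constructed for illustration.
"""
import re

# Assumed self-hosted GitLab instance; the IAM OIDC provider is registered
# under this host, so its condition keys are "<host>:sub", "<host>:aud", ...
PROVIDER_HOST = "gitlab.example.com"
PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{PROVIDER_HOST}"
DEPLOY_AUDIENCE = "https://deploy.example.com"   # set via id_tokens: ...: aud:


def gitlab_sub(project_path: str, ref_type: str, ref: str) -> str:
    """Layout of the `sub` claim that GitLab puts into CI ID tokens."""
    return f"project_path:{project_path}:ref_type:{ref_type}:ref:{ref}"


def iam_string_like(value: str, pattern: str) -> bool:
    """IAM StringLike: only '*' (any run) and '?' (one char) are wildcards."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def condition_matches(condition: dict, claims: dict) -> bool:
    """Every operator/key pair in a Condition block must hold (logical AND)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            claim_name = key.split(":", 1)[1]          # "host:sub" -> "sub"
            value = claims.get(claim_name)
            if value is None:                           # missing claim never matches
                return False
            expected_values = expected if isinstance(expected, list) else [expected]
            if operator == "StringEquals":
                ok = value in expected_values
            elif operator == "StringLike":
                ok = any(iam_string_like(value, p) for p in expected_values)
            else:
                raise ValueError(f"operator not modelled here: {operator}")
            if not ok:
                return False
    return True


def can_assume_role(trust_policy: dict, claims: dict, provider_arn: str) -> bool:
    """True if some Allow statement for this federated provider matches the claims."""
    for stmt in trust_policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if (stmt["Effect"] == "Allow"
                and stmt["Principal"].get("Federated") == provider_arn
                and "sts:AssumeRoleWithWebIdentity" in actions
                and condition_matches(stmt.get("Condition", {}), claims)):
            return True
    return False


def trust_policy(sub_pattern: str) -> dict:
    """Trust policy pinning the audience exactly and the subject to a pattern."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{PROVIDER_HOST}:aud": DEPLOY_AUDIENCE},
                "StringLike": {f"{PROVIDER_HOST}:sub": sub_pattern},
            },
        }],
    }


# Correct: only jobs on the main branch of one specific project may deploy.
PINNED_POLICY = trust_policy(gitlab_sub("platform/payments", "branch", "main"))
# Weak: any branch of any project under the group, including forks and
# unreviewed feature branches, can take over the deployment role.
WEAK_POLICY = trust_policy("project_path:platform/*")

# Constructed claim sets, as a verified GitLab ID token would carry them.
MAIN_JOB_CLAIMS = {"aud": DEPLOY_AUDIENCE, "sub": gitlab_sub("platform/payments", "branch", "main")}
FEATURE_JOB_CLAIMS = {"aud": DEPLOY_AUDIENCE, "sub": gitlab_sub("platform/payments", "branch", "feature/x")}
FORK_JOB_CLAIMS = {"aud": DEPLOY_AUDIENCE, "sub": gitlab_sub("platform/payments-fork", "branch", "main")}
WRONG_AUD_CLAIMS = {"aud": f"https://{PROVIDER_HOST}", "sub": gitlab_sub("platform/payments", "branch", "main")}

if __name__ == "__main__":
    for name, claims in [("main", MAIN_JOB_CLAIMS), ("feature", FEATURE_JOB_CLAIMS),
                         ("fork", FORK_JOB_CLAIMS), ("wrong-aud", WRONG_AUD_CLAIMS)]:
        print(f"{name:10} pinned={can_assume_role(PINNED_POLICY, claims, PROVIDER_ARN)!s:5} "
              f"weak={can_assume_role(WEAK_POLICY, claims, PROVIDER_ARN)}")
```

The simulation models only the claim-matching step; in production STS additionally verifies the token signature against the provider's JWKS and its expiry before any condition is evaluated. The point to take from the weak policy is that a `sub` wildcard widens the trust from one pipeline to everyone who can push a branch or fork under that group, which turns the OIDC setup back into something as broad as a shared static key.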
Stealing data from public or shared cloud environments is a rising threat that has already put companies out of business. Putting all our assets into public or shared clouds takes away the layer of physical security that traditional security concepts are built on. One of the root causes of weak security in cloud environments is static credentials.
This talk raises awareness of this problem and provides proven solutions for it. It lays out a security strategy that significantly reduces the risk of being hacked and increases convenience for all users and developers.
See A Login Security Architecture Without Passwords (https://schlomo.schapiro.org/2022/02/login-security-architecture-without-passwords.html) for more background info.