Eric Mann, from Tozny’s engineering team, will be presenting two talks at 2017’s php[world] conference in Washington, D.C the week of November 15th. Come learn more about out-of-band identity verification and multi-factor authentication:
Talk Abstract: In 2016, NIST announced it was deprecating SMS-based 2FA (second-factor authentication) from its Digital Authentication Guidance. As the internet works to harden application and online security, what are the proper options available for truly secure authentication? What are those OOB (out-of-band) transactions anyway? Why is identity security so hard? Come learn about the tools that define the identity security landscape and how to easily integrate strong identity verification methods with your existing services. BYOA (bring your own acronyms).
His other talk is actually a 2-hour workshop highlighting best practices surrounding secure development for PHP applications:
Talk Abstract: Too often, the security of our applications is an afterthought rather than a pillar of design. This leads to embarrassing leaks of information, unintended violations of security best practices, or even critical vulnerabilities. This tutorial will walk through securing an app from first principles through smooth UX. We’ll navigate password hashing, two-factor authentication, and login by way of magic links. We’ll then go even further with auth by way of mobile push notifications!