Upgrade to Pro — share decks privately, control downloads, hide ads and more …

No More Post-its: Boost your login security wit...

Avatar for Alvaro Navarro Alvaro Navarro
March 25, 2025
Programming
0
25

No More Post-its: Boost your login security with APIs

Avatar for Alvaro Navarro

Alvaro Navarro

March 25, 2025
Tweet

More Decks by Alvaro Navarro

See All by Alvaro Navarro
Baking a great DX
Avatar for Alvaro Navarro alnacle
0
140
Designing APIs Like You'd Design Your House
Avatar for Alvaro Navarro alnacle
0
130
Build your first Spotify App
Avatar for Alvaro Navarro alnacle
0
26
How to use your API Gateway as Developer Relations Tool
Avatar for Alvaro Navarro alnacle
0
50
Building awesome SDKs for your APIs: Best Practices
Avatar for Alvaro Navarro alnacle
0
92
DevRel as Professional Career
Avatar for Alvaro Navarro alnacle
0
190
Effective API Governance: Lessons Learnt
Avatar for Alvaro Navarro alnacle
0
3.2k
Building a partnership that scales through APIs
Avatar for Alvaro Navarro alnacle
0
110
The Journey of an OpenAPI platform
Avatar for Alvaro Navarro alnacle
0
150

Other Decks in Programming

See All in Programming
Goで作る、開発・CI環境
Avatar for Shinpei Mine sin392
0
260
チームで開発し事業を加速するための"良い"設計の考え方 @ サポーターズCoLab 2025-07-08
Avatar for Agata Naomichi agatan
1
470
レトロゲームから学ぶ通信技術の歴史
Avatar for kimkim0106 kimkim0106
0
110
SQLアンチパターン第2版 データベースプログラミングで陥りがちな失敗とその対策 / Intro to SQL Antipatterns 2nd
Avatar for Takuto Wada twada
PRO
16
2.9k
フロントエンドのパフォーマンスチューニング
Avatar for kouki.miura koukimiura
5
2k
RailsGirls IZUMO スポンサーLT
Avatar for 16bit_idol 16bitidol
0
200
Claude Code + Container Use と Cursor で作る ローカル並列開発環境のススメ / ccc local dev
Avatar for Yuichi Maekawa kaelaela
12
7.1k
Vibe Codingの幻想を超えて-生成AIを現場で使えるようにするまでの泥臭い話.ai
Avatar for Kuu fumiyakume
12
5k
型で語るカタ
Avatar for irof irof
0
700
猫と暮らす Google Nest Cam生活🐈 / WebRTC with Google Nest Cam
Avatar for Yutaro Muta yutailang0119
0
170
PipeCDのプラグイン化で目指すところ
Avatar for Warashi warashi
1
310
初学者でも今すぐできる、Claude Codeの生産性を10倍上げるTips
Avatar for Oikon s4yuba
16
13k

Featured

See All Featured
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.7k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.9k
Writing Fast Ruby
Avatar for Erik Berlin sferik
628
62k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
31
8.7k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.5k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.8k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k

Transcript

  1. No More Post-its: Boost your login security with APIs PRESENTED

    BY: Alvaro Navarro Senior Developer Advocate, Vonage

  2. 91 % 2

  3. 91 % Cyberattacks started with a phishing email 3 according

    to a security report by Deloitte, AAG and ASEE)

  4. 4 2020

  5. None

  6. Services collects our personal data, which could be leaked!

  7. More sophisticated attacks to steal our data Leaked data +

  8. Fraud is everywhere 8

  9. is there anything we can do to feel safer? 9

  10. None

  11. How to improve the security of your users using APIs

    11

  12. 3 factors of authentication 12

  13. Something you know Something you have Something you are

  14. Something you know

  15. Let’s talk about passwords 15

  16. If you know the secret, you must be the right

    person

  17. If you know the secret, you must be the right

    person

  18. What’s wrong with Passwords? • Easy to forget. Force users

    to follow complex patterns difficult to remember
  19. None
  20. None

  21. What’s wrong with Passwords? • Easy to forget. Force users

    to follow complex patterns difficult to remember • (Sometimes) Easy to guess
  22. None

  23. What’s wrong with Passwords? • Easy to forget. Force users

    to follow complex patterns difficult to remember • (Sometimes) Easy to guess • (Sometimes) Easy to crack
  24. None

  25. 25 What is your password? It’s my cat name and

    a random number

  26. 26 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet

  27. 27 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet Ohh… what’s her name? Her name is Jolie

  28. 28 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet Ohh… what’s her name? Her name is Jolie So your password would be Jolie and then number… Like number one… Uh… like.. My birthday

  29. 29 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet Ohh… what’s her name? Her name is Jolie So your password would be Jolie and then number… Like number one… Uh… like.. My birthday Oh, and when is your birthday? June 12th

  30. 30

  31. 31

  32. 32

  33. 33

  34. 34 mypassword 91dfd9ddb4198affc5c194cd8ce6d338fde470e2 https://api.pwnedpasswords.com/range/91dfd

  35. 35

  36. Something you have

  37. OTP (one-time-passwords) 37

  38. But not Jolie6695 38

  39. 39 two-factor authentication (2FA)

  40. 40 Message App Push Notification Hardware

  41. 41 Message App Push Notification Hardware Still the most used

    2FA method!

  42. 42 Something you have Verify API Prevent fraud with two-factor

    authentication

  43. 43

  44. 44

  45. 45 But… What if…

  46. 46

  47. 47 SIM Swap attack • Hijacking your phone number by

    linking it with a different SIM card • Sending a message is not safe anymore!

  48. 48 https://camaraproject.org/ APIs enabling seamless access to Telco network capabilities

  49. 49 Something you have SIM Swap API • Determine if

    the SIM Card linked to a phone number has recently changed • Make sure that the user’s mobile number can be used for authentication purposes.

  50. 50

  51. 51

  52. 52 Something you have SIM Swap API Determine if the

    SIM Card linked to a phone number has recently changed

  53. 53

  54. 54

  55. 55 2FA enabled SIM swap not detected ✅ ✅

  56. 56 But… What if…

  57. 57 • We want to keep users logged in but

    we don’t want to go through all these steps again • Use mobile data to verify users!

  58. 58 Something you have Number Verification API Verify end-users using

    mobile data over 5G

  59. 59 Something you have

  60. 60 Something you have

  61. 61 Mobile Operator Auth URL

  62. 62 Mobile Operator Auth URL Backend Callback

  63. 63 Mobile Operator Auth URL Backend Callback Number Verification API

    call

  64. 64 Mobile Operator Auth URL Backend Callback True / False

    Number Verification API call

  65. Something you are

  66. Integrate image and video analysis capabilities into their applications via

    API 66 Something you are
  67. None

  68. Something you know Something you have Something you are

  69. Something you know Something you have Something you are Somewhere

    you are
  70. None

  71. Verify whether the location of an end-user is within a

    specified area 71 Somewhere you are Device Location Verification API
  72. None
  73. None
  74. None
  75. None

  76. 76 To recap

  77. Verify API SIM Swap API Number Verification API Amazon Rekognition

    API Device Location API Something you have Something you are Somewhere you are Something you know I have been pwned API

  78. Thank You! developer.vonage.com developer.vonage.com/blog