Upgrade to Pro — share decks privately, control downloads, hide ads and more …

No More Post-its: Boost your login security wit...

No More Post-its: Boost your login security with APIs

Avatar for Alvaro Navarro

Alvaro Navarro

March 25, 2025
Tweet

More Decks by Alvaro Navarro

Other Decks in Programming

Transcript

  1. No More Post-its: Boost your login security with APIs PRESENTED

    BY: Alvaro Navarro Senior Developer Advocate, Vonage
  2. 91 % Cyberattacks started with a phishing email 3 according

    to a security report by Deloitte, AAG and ASEE)
  3. What’s wrong with Passwords? • Easy to forget. Force users

    to follow complex patterns difficult to remember
  4. What’s wrong with Passwords? • Easy to forget. Force users

    to follow complex patterns difficult to remember • (Sometimes) Easy to guess
  5. What’s wrong with Passwords? • Easy to forget. Force users

    to follow complex patterns difficult to remember • (Sometimes) Easy to guess • (Sometimes) Easy to crack
  6. 26 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet
  7. 27 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet Ohh… what’s her name? Her name is Jolie
  8. 28 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet Ohh… what’s her name? Her name is Jolie So your password would be Jolie and then number… Like number one… Uh… like.. My birthday
  9. 29 What is your password? It’s my cat name and

    a random number You’ve got this cat for a while? Yeah, she’s my childhood pet Ohh… what’s her name? Her name is Jolie So your password would be Jolie and then number… Like number one… Uh… like.. My birthday Oh, and when is your birthday? June 12th
  10. 30

  11. 31

  12. 32

  13. 33

  14. 35

  15. 43

  16. 44

  17. 46

  18. 47 SIM Swap attack • Hijacking your phone number by

    linking it with a different SIM card • Sending a message is not safe anymore!
  19. 49 Something you have SIM Swap API • Determine if

    the SIM Card linked to a phone number has recently changed • Make sure that the user’s mobile number can be used for authentication purposes.
  20. 50

  21. 51

  22. 52 Something you have SIM Swap API Determine if the

    SIM Card linked to a phone number has recently changed
  23. 53

  24. 54

  25. 57 • We want to keep users logged in but

    we don’t want to go through all these steps again • Use mobile data to verify users!
  26. Verify whether the location of an end-user is within a

    specified area 71 Somewhere you are Device Location Verification API
  27. Verify API SIM Swap API Number Verification API Amazon Rekognition

    API Device Location API Something you have Something you are Somewhere you are Something you know I have been pwned API