In the beginning, the internet was a happy place and everyone trusted everyone. Then stupid people arrived and it become necessary to find ways to keep them out. We did this by asking everyone to have a password and present it as proof that they belong. That worked OK for a while until we realised that people are bad at remembering things and storing things securely is kinda hard.

These days passwords are protecting much more valuable data in a much more hostile environment, but we're often making the same mistakes leading to hacks that leak password database and easy brute-forcing of low quality passwords. To help us do better we now have password managers, biometric identifiers, two-factor authentication, and stronger crypto. But how do you know which combination to choose for your service?

In this talk I'll take you through the history of authentication failures and screwups and show you how they can and have been solved, and in the process, show you how to make the best choices for your service by understanding your data and your users.