Passwords don't have to be so hard!

Come and learn things you never knew you needed to know about designing a *usable* and more secure registration and login process.

“Why do I need a password that has at least 1 uppercase, 1 lowercase, 1 digit and 1 symbol?”
“Why does it say my email address isn’t valid?”
“Why doesn’t my password manager work with this website?”
“Why did my password manager generate a password that doesn’t even work?”
“How do I change or reset my password?”
“How do I enable 2FA/MFA for this website?”
“Why does this have to be so hard?!”

Have you been as frustrated as me and asked yourself these questions more often that you’d want? Want to spare your own users from thinking the same about your website?

Let’s have a little talk and some demos on how you can design your website registration, login and password management to make it easier and more friendly for your users, while making it more secure at the same time! It’s really not that hard, I promise! :)

We’ll also take a look at how website security and password management is changing in the future and how we can stay up to date!


EVE Online: Defending our players from hackers and the evolution of account security

In this session I will walk you through the history of account security in EVE Online, the uniquely player-driven spaceship MMO game set in a vast online sci-fi sandbox, running for more than 15 years. With EVE being a single-shard universe known for it's huge battles, it is a big target for hackers who want to break into and steal player accounts for various purposes. I will show you what methods we have used to prevent and counter online attacks against our players, the challenges we've faced in doing so with minimal impact to user experience, where we've failed and succeeded and how we've had to constantly evolve in the process. By sharing our experiences and methods, we hope you can take advantage of them to increase the security of your own systems.

This session is a walk through 10 years of development work battling account takeovers and brute force attempts against the MMO EVE Online and it's websites, through success and failure alike. It's not heavy on programming specifics but rather explains methodologies used to prevent hacking and takeover attempts. It goes over the most important scenarios we hit during several changes in the game, and how we had to tackle them before things such as 2FA really existed. Towards the end we will show several statistics on recent changes that have been made and how they have affected user security in a positive way through integrations such as Have I Been Pwned and 2FA. The session is around 1 hour long.

Have I Been Pwned: Serving billions of requests and terabytes of data without going broke!

Have I Been Pwned is a free service created by Troy Hunt, allowing people to check if their email, phone number or passwords have been leaked in data breaches. The service has grown immensely in popularity over the years and the number of API requests with it, to the point that as of March 2022, Have I Been Pwned is serving over 1.6 billion requests per month for its Pwned Passwords API alone. Running as an Azure Function, serving data in the number of terabytes and requests in the billions is not cheap. For a free service, this is a problem that needs to be solved.

I'm going to show you how Have I Been Pwned uses Cloudflare to reduce the potential cost by over 90%, all while making things faster and more efficient at the same time. And the best thing is, most websites can apply similar techniques with the same benefits!

Real-world examples on optimizing .NET performance

In this session I will show you real-world examples of code and techniques used to improve the performance of the RabbitMQ .NET Client, a .NuGet package with over forty-nine million downloads on NuGet. You will learn about memory allocations and their impact on the garbage collector and performance optimization techniques. You will get to know .NET language features like ref structs and ref parameters, code inlining, .NET constructs like Span< T >, Memory< T >, ArrayPool and even some unsafe code. There will be benchmarks and real code that you can apply to your own solutions and, who knows, you might even catch the occasional glimpse of some assembly code!

Monitoring and alerting like a pro with Azure Monitor/Application Insights

Monitoring, telemetry and alerting is something that every production-grade service needs to run effectively and with minimal downtime. Azure Monitor combines logging, metrics and alerting into one tool to help you gain the insights you need into your platform, no matter if it's running in a micro-service or monolithic architecture. I'm going to show you how to use Azure Monitor and how to make the most of it, in an extensible manner. Last but not least, I will also show you the true power of the Azure Monitor query language (Kusto), for when you want to truly unleash the power of Azure Monitor and hook it up to external tools or APIs.

This session is suited to anyone with an interest in DevOps and alerting/monitoring in production systems. Although it focuses on Azure Monitor as the presentation layer it will demonstrate a pattern in .NET that can be used to hook up telemetry and tracing in an extensible manner. The talk is focused on service based web applications but the same techniques can easily be applied to all manner of applications, be it mobile or desktop. The session is mostly demo based with short introductions on the main features of Azure Monitor. In the end an example of a full-blown implementation along with it's benefits is demonstrated to give a sense of excitement about the possibilities with a full integration. The session is around 1 hour long.