We had a blast at Identiverse 2018 (formerly Cloud Identity Summit) in Boston last week and we had an amazing new booth specially designed for this event. The energy at the world’s largest gathering of identity professionals was inspiring.
There was a definite trend towards 'Customer Identity' (identity solutions for application developers), says Auth0 Head of Content and Guidance Mike Fitzbaxter. "This was in contrast to the normal Enterprise-centric Identity solutions which are predominantly showcased at these events. It was an exciting justification of Auth0's product vision.”
Solutions Review: Vittorio on Open Standards in Identity
Solutions Review’s Doug Atkinson caught up with Auth0 Principal Architect Vittorio Bertocci at the conference. They spoke about Vittorio’s recent move from Microsoft to Auth0 and the need for open standards in identity.
"Check out @vibronet’s #Identiverse 2018 interview with @Solution_Review on his move to @auth0 and open standards in identity + our conference recap!"
Wide Range of Identity Challenges, 5 Auth0 Sessions
In addition to discussing a wide range of identity challenges at our booth (biometrics for login, 500 legacy apps that needed to migrate quickly to a new framework, and wanting to add second-factor authentication to existing mobile apps), Auth0 offered 5 sessions, including one with our customer ATB Financial:
Beyond API Authorization (Jared Hanson)
The Critical Role of Identity in CX for ATB Financial (Martin Lapointe)
The Wheel, Reinvented. Or not. (Mike Fitzbaxter)
Auth0 Masterclass: Architecture & Identity: 3 IAM Examples to Support Digital Transformation (Jared Hanson)
Auth0 Masterclass:The Curse of Knowledge: Designing a Developer-Friendly IdaaS (Vittorio Bertocci)
What About the Hack the Code Contest?
Over 400 Identiverse attendees tried to Hack the Code to get into the Auth0 safe and claim the $5K Amazon gift card. Our most tried codes were 0000, 9999, 1234, and 2018 — typical codes that people use, but also an example of why you should avoid using those common options. To improve their chances, people also wanted to know who set the code and whether it was random or had a specific meaning.
The winning Auth0 code was actually a compilation of two random numbers chosen by two Auth0 employees: 4743.
In the end, it took a trio of colleagues to crack the code working a winning strategy that combined logic and luck with a little social engineering. Due to a request from their employer that they decline an interview and reveal neither their place of business nor their professions, we are only able to identify our winners by their first names, but we can share how they hacked the code!
On day one, each member of the trio tried random numbers. They could tell from watching Auth0 employees very closely that Joseph had to be close to the right number.
Aware that a lot conversation was happening at the Auth0 booth as attendees tried to hack the code, the trio remained close at hand, listening for possible clues. When day two came and went without the safe opening for them or for any other attendees, they took their social engineering strategy to the conference floor.
The trio talked up other conference attendees who had attempted to hack the code and decided that it was highly likely that the sequence relied on a repeated number, but the third day of attempts didn’t open the safe.
On the fourth day of the conference, they agreed to try again, with the three numbers they thought were correct, but with each of them repeating a different number fourth. Neither Brett nor Merrel cracked the code, but on the last try, Joseph entered the right sequence. The green light went on. The safe opened and the crowd went wild!
Since they had already joked about how they split money if they won, Joseph, having opened the safe received $2,000 Brett and Merrel each took home $1,500. We congratulate them on their successful strategy!
How Big was that Conference?
Thanks to everyone who helped make this conference possible. We can’t wait for next year! To get a sense of the scale of this conference, please check out the official Identiverse compilation video (and watch for Auth0). We hope to see you there next year!
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.