Over the top auth strategies (Changelog & Friends #78)
Jan 31, 2025
Dan Moore from FusionAuth shares insights on modern authentication strategies. He discusses innovative methods like magic links, OTPs, and passkeys, exploring their security advantages and user experience challenges. The conversation dives into the balance between usability and security, addressing common issues users face with excessive permissions and password management tools. Dan also highlights the importance of educating users on multi-factor authentication and optimizing password security, making complex tech more accessible for developers.
The podcast discusses the increasing shift from traditional passwords to innovative authentication methods like Magic Links and Passkeys for enhanced security and user convenience.
User experience remains a critical concern as delays in OTP and email verifications can frustrate users, highlighting the need for efficient authentication processes.
Dedicated authentication providers like FusionAuth are becoming essential, allowing developers to focus on core features by offloading the complexities of identity management.
Deep dives
Retool's Partnership with Brex
Brex has utilized Retool's platform effectively for nearly seven years, transforming their internal operations. The partnership arose from Brex's need for robust internal tools to handle operational challenges such as fraud and underwriting. The solution provided by Retool allowed Brex's engineers to focus on customer-facing software rather than mundane internal CRUD applications. Today, Brex employs approximately a thousand Retool applications in production, enabling them to respond quickly to evolving business needs and internal demands.
The Evolution of Authentication
The discussion around authentication solutions highlights the evolving landscape of securing user access. Traditional email and password combinations are being challenged by innovative approaches such as Magic Links, One-Time Passcodes (OTP), and Passkeys. The shift reflects a growing desire for enhanced security measures while providing convenience for users, especially with the rise of mobile-friendly logins. With developers debating the future of passwords—whether they're becoming obsolete or still play a role—it's clear that multiple authentication methods will coexist for some time.
UX Challenges with Authentication
The user experience surrounding authentication methods continues to raise concerns among developers and users alike. For instance, while Magic Links provide ease of entry, they can be hampered by email delivery delays and potential security vulnerabilities. Users often find themselves frustrated with the flow of verification, especially if they need to open multiple applications or if emails are delayed. The conversation reveals the necessity for services to maintain a quick, efficient authentication process without overwhelming users with complexity.
MFA and Security Concerns
Multi-Factor Authentication (MFA) appears to be an essential measure for securing user accounts, but it also raises usability issues. Users expressed concerns around OTP delivery methods, knowing delays could disrupt the login flow. Some are skeptical of relying solely on authentication apps, as they can impose additional friction in the user experience. Discussions emphasize the balance that needs to be struck between ensuring robust security measures and maintaining user convenience.
The Role of Auth Providers
Dedicated authentication providers like FusionAuth and Auth0 are becoming increasingly important in the landscape of identity management. These services alleviate the burden on developers, allowing them to focus on core product features rather than building and maintaining authentication systems. As more organizations recognize the complexities of securing user authentication, they turn to these providers for scalable, secure solutions. This shift demonstrates a trend towards outsourcing authentication functions to providers that specialize in user identity management.
Future of Passwords and User Accessibility
Despite advancements in authentication technology, the discussion suggests that passwords will not disappear overnight. Many users still rely on traditional login methods, particularly those who may not adopt newer forms of authentication. The primary goal remains to make login processes as seamless as possible while offering a variety of authentication options to suit different user preferences. As organizations continue to explore user-friendly solutions for access management, the dialogue around email-password combinations versus new-age authentication methods remains relevant.
Dan Moore from FusionAuth joins us for a wide-ranging discussion about modern auth strategies. We talk magic links, OTP, MFA, passkeys, password managers & so much more.
Changelog++ members get a bonus 9 minutes at the end of this episode and zero ads. Join today!
Sponsors:
Retool – The low-code platform for developers to build internal tools — Some of the best teams out there trust Retool…Brex, Coinbase, Plaid, Doordash, LegalGenius, Amazon, Allbirds, Peloton, and so many more – the developers at these teams trust Retool as the platform to build their internal tools. Try it free at retool.com/changelog
Temporal – Build invincible applications. Manage failures, network outages, flaky endpoints, long-running processes and more, ensuring your workflows never fail. Register for Replay in London, March 3-5 to break free from the status quo.
Notion – Notion is a place where any team can write, plan, organize, and rediscover the joy of play. It’s a workspace designed not just for making progress, but getting inspired. Notion is for everyone — whether you’re a Fortune 500 company or freelance designer, starting a new startup or a student juggling classes and clubs.