© 2020 Strange Loop
Don't you hate it when you get an email telling you that your account may have been compromised? You're not alone—many of the biggest security disasters in recent memory were authentication bypasses, including the Google OAuth phishing email worm (2017), Yahoo's forged cookie breach (2016), and Adobe's password database leak (2013). Authentication continues to be a key area of attack on the web, yet it remains poorly understood by many developers. Understanding secure authentication helps you protect your users (and yourself!), and provides a natural survey of topics in security and cryptography.
Yan is a software engineer at Brave and a Technology Fellow at the Electronic Frontier Foundation. She has worked on numerous open source security and privacy projects, including Let's Encrypt, HTTPS Everywhere, SecureDrop, and Privacy Badger. Previously she was a senior security engineer at Yahoo, a member of the W3C Technical Architecture Group, a recipient of Forbes' 30 Under 30 award, and a board member of Noisebridge Hackerspace. She dropped out of high school, got a B.S. from MIT in Physics, and started a PhD at Stanford before dropping out of that too.
Garrett Robinson is a software engineer focusing on security and privacy issues. From 2014 to 2017 he was the lead developer of SecureDrop, an open source platform for journalists to securely communicate with confidential sources, and oversaw its expansion from 1 installation to over 30, including in major newsrooms such as The New York Times, The Washington Post, and The Intercept. Prior to that he was a security and privacy engineer at Mozilla, where he worked on Firefox's implementation of Content Security Policy (CSP) and experimented with techniques to protect web users from privacy-invading trackers, which led to a collaboration with the EFF on the Privacy Badger browser extension.