Yedidya Schwartz

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

A slow-loading widget was crippling their passwordless login. See how a new architecture using materialized views cut load times from 500ms down to a blazing-fast 14ms.

Accelerating Authentication Architecture: Taking Passwordless to the Next Level
#1about 3 minutes

Understanding passwordless authentication technologies

An overview of the core concepts behind passwordless authentication, including FIDO2, WebAuthn, and Passkeys.

#2about 3 minutes

How the initial passwordless solution worked

A high-level look at the original architecture where a user interacts with a widget that triggers a multi-step authentication process involving a customer's user database.

#3about 2 minutes

Identifying the widget's performance bottleneck

The authentication widget loaded with a noticeable delay or sometimes not at all, creating a poor user experience that undermined the speed of passwordless login.

#4about 2 minutes

Analyzing the legacy loading architecture

The previous solution suffered from high latency and request dependencies by loading an SDK, translations, and dynamic configurations in separate network calls.

#5about 2 minutes

Applying design patterns for performance optimization

The materialized view and server-side composition patterns provide a theoretical framework for pre-calculating data and bundling resources to reduce requests.

#6about 4 minutes

Building the new high-performance architecture

A new architecture was designed using a "baking server" microservice to pre-compose all necessary resources into a single file stored in Redis for fast retrieval.

#7about 5 minutes

Scaling the solution with a CDN and request collapsing

AWS CloudFront was placed in front of the baking server to handle massive scale, using request collapsing to prevent the origin from being overwhelmed during traffic spikes.

#8about 5 minutes

Solving the Redis hotkey bottleneck at scale

High traffic to a single Redis key caused network allowance issues, which was solved by sharding the key, adding an in-memory cache, and using CloudFront's Origin Shield.

#9about 3 minutes

Keeping cached data fresh with CDN invalidation

A Redis pub/sub mechanism triggers programmatic CDN invalidations whenever customer configurations change, ensuring users see updates within minutes.

#10about 5 minutes

Reviewing results and key architectural takeaways

The new architecture reduced widget load time from over half a second to 14 milliseconds by leveraging existing components, using observability, and adapting design patterns.

#11about 11 minutes

Q&A on career path and the future of passwordless

A discussion on transitioning into a DevOps role, the industry-wide shift towards passwordless authentication, and balancing user convenience with security.

#12about 6 minutes

Q&A on business drivers and implementation

An exploration of the business motivation for passwordless adoption, such as increasing conversion rates, and the technical challenges of ensuring a secure and seamless user experience.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Exploring the user experience flaws in web authentication
00:29 MIN

Exploring the user experience flaws in web authentication

SSO with Ethereum and Next JS

Q&A on speed, team adoption, and common mistakes
29:56 MIN

Q&A on speed, team adoption, and common mistakes

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Q&A on GraphQL federation and Next.js authentication
38:18 MIN

Q&A on GraphQL federation and Next.js authentication

GraphQL + Apollo + Next.js: A Lovely Trio

A practical guide to adopting modern authentication methods
24:06 MIN

A practical guide to adopting modern authentication methods

Going Beyond Passwords: The Future of User Authentication

Identifying persistent challenges in modern web development
08:55 MIN

Identifying persistent challenges in modern web development

The year 3000, a brief history of Web Development

How passwordless authentication with magic links works
08:54 MIN

How passwordless authentication with magic links works

Going Beyond Passwords: The Future of User Authentication

Answering audience questions on authorization best practices
41:16 MIN

Answering audience questions on authorization best practices

Un-complicate authorization maintenance

Moving beyond the "it just works" developer mindset
02:54 MIN

Moving beyond the "it just works" developer mindset

Don't Be A Naive Developer: How To Avoid Basic Cybersecurity Mistakes

Featured Partners

Related Videos

See all videos
Passwordless Web 1.530:21

Passwordless Web 1.5

Paweł Łukaszuk

Going Beyond Passwords: The Future of User Authentication27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

IP Authentication: A Tale of Performance Pitfalls and Challenges in Prod18:34

IP Authentication: A Tale of Performance Pitfalls and Challenges in Prod

Christoph Eicke

Multiple Ships to the Island - Micro Frontends & Island Architectures59:03

Multiple Ships to the Island - Micro Frontends & Island Architectures

Florian Rappl

Single Server, Global Reach: Running a Worldwide Marketplace on Bare Metal in a Cloud-Dominated World50:06

Single Server, Global Reach: Running a Worldwide Marketplace on Bare Metal in a Cloud-Dominated World

Jens Happe

Catching up on the basics you don't really need that much code14:44

Catching up on the basics you don't really need that much code

Chris Heilmann

Forget Developer Platforms, Think Developer Productivity!57:45

Forget Developer Platforms, Think Developer Productivity!

Robert Hoffmann & Christian Denich

Delegating the chores of authenticating users to Keycloak23:42

Delegating the chores of authenticating users to Keycloak

Alexander Schwartz

From learning to earning

Jobs that call for the skills explored in this talk.

Security Architect

Amdaris
Bristol, United Kingdom

57K
Azure
DevOps
Amazon Web Services (AWS)