BSidesSLC 2025 | The evolution of auth, from users to AI agents

Remember when building authentication for your app just meant having users create a username and password and letting them log in? Then we evolved to single sign-on for enterprise apps, and now we’re juggling passkeys syncing across devices, Windows Hello, social login everywhere, and AI agents trying to access our systems. Users have gone from accepting any login screen that worked to expecting authentication to be invisible and seamless across all their devices.

Having worked on supporting additional authentication options for a product before, I’ve seen the user requests continue to evolve. Through real examples (and a few war stories), I’ll walk through how authentication has transformed: from the expected basic password-based login, through the current world of biometrics and passkeys, to emerging patterns for AI authentication. We’ll look at what works, what breaks, and where we’re headed next.