BSidesSeattle 2025 | When authn breaks: real world failures

Authentication failures can be devastating, yet we keep seeing the same patterns in the industry across incidents. Although painful, these breaches are still how our industry learns and improves — as long as we actually apply those lessons.

We’ll talk through real case studies including the Okta/LAPSUS$ breach, CircleCI token compromise, and Uber MFA bypass — to examine why authentication systems fail and what critical signals were missed. We’ll talk through lessons learned, and how you can avoid similar issues in your environment, whether your organization is a builder or user of identity providers. You’ll leave understanding common auth system blind spots and how to avoid them.