Check the online version, I often update my slides.

Talk detail

How web app accounts are stolen nowadays and for the past 20 years and why. What “obstacles” the attackers have to bypass and what the developers and operators can do about it. We're managing some 40k SaaS shops and see accounts being taken over, credentials being reused and users (not) using 2FA much more often than we'd like to. But luckily we also try to fight all those things and I'd like to share our stories to sort of prove and show that apps can and should go beyond “password must contain uppercase, lowercase and a number”.

Date and event

December 2, 2025, PasswordsCon Prague 2025 (talk duration 45 minutes, video)

Video recording

Video recording

YouTube

Michal Špaček

Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why.

Public trainings

Come to my public trainings, everybody's welcome: