Inside the Paris Security Happy Hour: Tokens, Trust, and the Future of Digital Identity
Security leaders, CISOs, and tech professionals recently gathered at Dashlane’s Paris office for an evening of insights and debate as part of our international Security Happy Hour series.
We want to thank everyone who joined us in person for the great conversations that extended well beyond the talks themselves. A special thanks goes to our two guest speakers, Gianluca Varisco and Adam Surák, for their thought-provoking sessions that challenged how we think about identity, access, and trust online.
Talk 1: Securing OAuth tokens—the invisible key
Speaker: Gianluca Varisco, CEO, Netsec (former Principal Security Architect, Google Cloud)
Gianluca took us behind the scenes of OAuth, one of the most ubiquitous yet least visible parts of modern authentication. His talk unpacked how attackers are increasingly targeting OAuth tokens to bypass multi-factor authentication (MFA) and gain API-level access to sensitive data.
Through real-world examples, he showed how these tokens can become a single point of failure in otherwise well-defended systems.
Key takeaways:
- Treat OAuth tokens as crown jewels: They are powerful, persistent credentials.
- Attackers are targeting them: They actively bypass MFA and live off the land using stolen tokens.
- Defense requires a new mindset: Shift from perimeter defense to identity-centric monitoring.
- Start now: Audit your apps, tighten your token policies, and build your detection rules today.
Talk 2: From “I am not a robot” to verifiable humans
Speaker: Adam Surak, Senior Director of Engineering, Tools for Humanity
Adam’s session explored the evolving frontier of identity verification—from CAPTCHAs to cryptographic proofs of personhood. As AI blurs the line between human and machine activity, he argued that digital trust will increasingly rely on privacy-preserving attestations of humanity, not intrusive data collection.
Key takeaways:
- CAPTCHAs are losing ground: Traditional verification methods (like CAPTCHAs) are failing in an era of advanced automation.
- A new path for proving humanity: Verifiable credentials and zero-knowledge proofs offer a privacy-first way to prove humanity and integrity online.
- Trust is evolving: This paradigm could reshape everything from online communities to financial systems by enabling trust without surveillance.
Looking ahead to 2026
As always, the best part of the evening came after the talks—in the exchanges, questions, and connections between peers. We were even able to play with an Orb brought by Adam.
Events like these remind us that cybersecurity is not just about systems and code, but about people continuously learning from each other.
Sign up to receive news and updates about Dashlane
