Beyond Passwords: How WebAuthn Actually Works • Eli Holderness • GOTO 2023

  • Added 12. 09. 2024
  • This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams
    gotoams.nl
    Eli Holderness - Developer Advocate at Scaleway @Eli Holderness
    RESOURCES
    / eliholderness
    / eli-holderness-4890b886
    hachyderm.io/@eli
    ABSTRACT
    Passwords are a pain, and we all know it. They're either insecure or impossible to remember, and password managers can only go so far. How can we do better? The answer is WebAuthn.
    WebAuthn is a set of standards that allows you to use hardware authentication tokens (like a YubiKey) to authenticate with web services, and it's absolutely magic. Join me for a deep dive on what WebAuthn actually is, how it works, and how to implement it in your own web services. We'll also discuss the practicalities of using hardware tokens in practice, the protocols they use to interface with your devices, and the mysterious cryptography that they use to keep you safe. [...]
    Read the full abstract here:
    gotoams.nl/202...
    RECOMMENDED BOOKS
    Liz Rice • Container Security • amzn.to/3oU4iJe
    Liz Rice • Kubernetes Security • www.oreilly.co...
    Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
    Aaron Parecki • OAuth 2.0 Servers • amzn.to/3ecHEsz
    Aaron Parecki • The Little Book of OAuth 2.0 RFCs • amzn.to/3i7qnlC
    Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
    Richer & Sanso • OAuth 2 in Action • amzn.to/3hXiAH6

Comments • 6

  • @bernarddt
    1 month ago +1

    Eli Holderness delivered a very nice presentation! I've now listened to a few sessions on Passkey and hers stands out as easy to listen to and easy to follow. 🌷

  • @tobiasfedder1390
    11 months ago +3

    great talk, mentioning open passkey stores makes it a 10/10
    thank you very much

  • @alexwhite2791
    5 months ago

    I hate to say this, but there is a lot of wrong information in the section of this talk about passkeys. Storing passkeys with a cloud provider is an option, but it isn't necessary. You can absolutely have passkeys which only exist on your phone and never leave. You might _choose_ to allow it to be shared (end to end encrypted) via a cloud service, but it isn't necessary for passkeys.

  • @ozgurNY
    10 months ago +3

    Great talk!

  • @Spiros219
    1 year ago +1

    nice talk