Passwords suffer from issues like weakness, reuse across multiple accounts, and predictability, leading to widespread security vulnerabilities.
Forcing users to change passwords frequently leads to predictable patterns and weaker credentials, undermining the intended security benefits.
Even with strong passwords, security is compromised by vulnerabilities in password managers and poor server-side practices like weak hashing.
Malicious actors can intercept one-time passwords to defeat common two-factor authentication, making physical security keys a stronger alternative.
Passkeys leverage the FIDO2 and WebAuthn standards with public-key cryptography to provide a more secure and user-friendly login experience.
The user workflow involves creating a passkey tied to a device's lock mechanism and then using that same mechanism for subsequent logins.
Logging into a new device with a phone's passkey uses a QR code and Bluetooth for proximity detection, effectively preventing remote phishing attacks.
Users can manage their passkeys across different devices using built-in OS credential managers, third-party password managers, or physical hardware keys.
While major platforms are adopting passkeys, implementation is complex for developers due to detailed specifications and a lack of reliable AI-generated code.
Although widespread adoption will take time, passkeys represent the most affordable and secure future for digital authentication.
Bitpanda
Vienna, Austria
24:39Ramona Schwering
16:05Alvaro Navarro
32:32Clemens Hübner
27:55Gift Egwuenu
57:47Fabien Vauchelles
29:31Adam Larter
36:33Marcel Lupo
49:52Yedidya Schwartz
Jobs that call for the skills explored in this talk.
