Passwords are hard for users to manage and insecure for developers to store, making them vulnerable to phishing and theft.
The future of authentication moves away from what you know (passwords) to what you have (possession) and what you are (biometrics).
WebAuthn is a W3C standard and JavaScript API that enables passwordless authentication in web apps using modern cryptography.
A practical demonstration shows how a user can register and log in to a web application using a physical security key instead of a password.
WebAuthn uses a registration ceremony to create a public-private key pair and an authentication ceremony to verify identity with a challenge-response process.
WebAuthn has been a W3C standard since 2019 and is now supported by over 95% of modern browsers across all major platforms.
Early WebAuthn adoption was slow due to usability challenges like managing physical keys and syncing credentials across multiple devices.
Passkeys are WebAuthn credentials integrated into platform ecosystems like Apple ID and Google accounts, enabling seamless syncing and cross-device usage via QR codes.
The introduction of Passkeys by major platforms has significantly accelerated the adoption of passwordless authentication by improving usability and providing user education.
Common questions are addressed regarding credential recovery, phishing resistance, future-proofing against quantum computing, and usability for non-technical users.
zeb consulting
Frankfurt am Main, Germany
27:55Gift Egwuenu
30:21Paweł Łukaszuk
24:39Ramona Schwering
26:59Jakub Andrzejewski
27:36Tino Sokic
49:52Yedidya Schwartz
16:05Alvaro Navarro
33:29Sebastian Leuer
Jobs that call for the skills explored in this talk.
Atruvia AG
Karlsruhe, Germany
Atruvia AG
Aschheim, Germany
MELECS EWS GmbH
Graz, Austria
