Paweł Łukaszuk

Passwordless Web 1.5

Passwords are fundamentally broken, even with 2FA. Learn how passkeys provide true phishing resistance by design, eliminating server-side credential theft.

Passwordless Web 1.5
#1about 2 minutes

The fundamental security flaws of traditional passwords

Passwords suffer from issues like weakness, reuse across multiple accounts, and predictability, leading to widespread security vulnerabilities.

#2about 2 minutes

Why mandatory password rotation policies often fail

Forcing users to change passwords frequently leads to predictable patterns and weaker credentials, undermining the intended security benefits.

#3about 5 minutes

Risks from password managers and server-side storage

Even with strong passwords, security is compromised by vulnerabilities in password managers and poor server-side practices like weak hashing.

#4about 3 minutes

How phishing attacks can bypass two-factor authentication

Malicious actors can intercept one-time passwords to defeat common two-factor authentication, making physical security keys a stronger alternative.

#5about 3 minutes

Introducing passkeys for secure passwordless authentication

Passkeys leverage the FIDO2 and WebAuthn standards with public-key cryptography to provide a more secure and user-friendly login experience.

#6about 4 minutes

How to register and sign in using passkeys

The user workflow involves creating a passkey tied to a device's lock mechanism and then using that same mechanism for subsequent logins.

#7about 4 minutes

Using cross-device authentication for phishing resistance

Logging into a new device with a phone's passkey uses a QR code and Bluetooth for proximity detection, effectively preventing remote phishing attacks.

#8about 2 minutes

Strategies for managing passkeys across multiple devices

Users can manage their passkeys across different devices using built-in OS credential managers, third-party password managers, or physical hardware keys.

#9about 3 minutes

Current adoption and developer implementation challenges

While major platforms are adopting passkeys, implementation is complex for developers due to detailed specifications and a lack of reliable AI-generated code.

#10about 1 minute

The future outlook for passkey authentication

Although widespread adoption will take time, passkeys represent the most affordable and secure future for digital authentication.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Using content channels to build an event community
04:49 MIN

Using content channels to build an event community

Cat Herding with Lions and Tigers - Christian Heilmann

Establishing a single source of truth for all data
02:39 MIN

Establishing a single source of truth for all data

Cat Herding with Lions and Tigers - Christian Heilmann

Why HR struggles with technology implementation and adoption
04:22 MIN

Why HR struggles with technology implementation and adoption

What 2025 Taught Us: A Year-End Special with Hung Lee

Rapid-fire thoughts on the future of work
02:44 MIN

Rapid-fire thoughts on the future of work

What 2025 Taught Us: A Year-End Special with Hung Lee

Developing resilience by expanding your capacity for failure
04:57 MIN

Developing resilience by expanding your capacity for failure

What 2025 Taught Us: A Year-End Special with Hung Lee

Featured Partners

Related Videos

See all videos
Passwordless future: WebAuthn and Passkeys in practice32:32

Passwordless future: WebAuthn and Passkeys in practice

Clemens Hübner

Going Beyond Passwords: The Future of User Authentication27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

Accelerating Authentication Architecture: Taking Passwordless to the Next Level49:52

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Yedidya Schwartz

No More Post-its: Boost your login security with APIs16:05

No More Post-its: Boost your login security with APIs

Alvaro Navarro

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Cracking the Code: Decoding Anti-Bot Systems!57:47

Cracking the Code: Decoding Anti-Bot Systems!

Fabien Vauchelles

Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

Related Articles

View all articles
CH
Chris Heilmann
The top 200 passwords of 2024 can be cracked in less than a second
Passwords are a pain and with biometric logins, passkeys and other two factor authentication methods should be a thing of the past. In reality, though, a lot of systems still use username and password as the only security measure and users choose al...
The top 200 passwords of 2024 can be cracked in less than a second
DC
Daniel Cranney
Dev Digest 167: Open Source AI, Passwordless Microsoft and Vibe Coding
Inside last week’s Dev Digest 167 . 🖼️ Is vibe coding killing creativity? 🌳 Is ChatGPT not as bad for the environment as we think? ⚠️ 95% of AppSec fixes don’t reduce risks 🔑 Microsoft going passwordless 🧠 How to detect memory leaks in your apps 🟨 V...
Dev Digest 167: Open Source AI, Passwordless Microsoft and Vibe Coding

From learning to earning

Jobs that call for the skills explored in this talk.

Security Engineer

Security Engineer

Dashlane
Paris, France

Remote
Azure
Terraform
Kubernetes
Amazon Web Services (AWS)