Paweł Łukaszuk

Passwordless Web 1.5

Passwords are fundamentally broken, even with 2FA. Learn how passkeys provide true phishing resistance by design, eliminating server-side credential theft.

Passwordless Web 1.5
#1about 2 minutes

The fundamental security flaws of traditional passwords

Passwords suffer from issues like weakness, reuse across multiple accounts, and predictability, leading to widespread security vulnerabilities.

#2about 2 minutes

Why mandatory password rotation policies often fail

Forcing users to change passwords frequently leads to predictable patterns and weaker credentials, undermining the intended security benefits.

#3about 5 minutes

Risks from password managers and server-side storage

Even with strong passwords, security is compromised by vulnerabilities in password managers and poor server-side practices like weak hashing.

#4about 3 minutes

How phishing attacks can bypass two-factor authentication

Malicious actors can intercept one-time passwords to defeat common two-factor authentication, making physical security keys a stronger alternative.

#5about 3 minutes

Introducing passkeys for secure passwordless authentication

Passkeys leverage the FIDO2 and WebAuthn standards with public-key cryptography to provide a more secure and user-friendly login experience.

#6about 4 minutes

How to register and sign in using passkeys

The user workflow involves creating a passkey tied to a device's lock mechanism and then using that same mechanism for subsequent logins.

#7about 4 minutes

Using cross-device authentication for phishing resistance

Logging into a new device with a phone's passkey uses a QR code and Bluetooth for proximity detection, effectively preventing remote phishing attacks.

#8about 2 minutes

Strategies for managing passkeys across multiple devices

Users can manage their passkeys across different devices using built-in OS credential managers, third-party password managers, or physical hardware keys.

#9about 3 minutes

Current adoption and developer implementation challenges

While major platforms are adopting passkeys, implementation is complex for developers due to detailed specifications and a lack of reliable AI-generated code.

#10about 1 minute

The future outlook for passkey authentication

Although widespread adoption will take time, passkeys represent the most affordable and secure future for digital authentication.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Understanding the next generation of authentication with passkeys
17:18 MIN

Understanding the next generation of authentication with passkeys

Going Beyond Passwords: The Future of User Authentication

The impact of Passkeys on passwordless adoption
22:24 MIN

The impact of Passkeys on passwordless adoption

Passwordless future: WebAuthn and Passkeys in practice

Understanding passwordless authentication technologies
01:01 MIN

Understanding passwordless authentication technologies

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Exploring the user experience flaws in web authentication
00:29 MIN

Exploring the user experience flaws in web authentication

SSO with Ethereum and Next JS

Understanding the vulnerabilities of password-based authentication
00:21 MIN

Understanding the vulnerabilities of password-based authentication

No More Post-its: Boost your login security with APIs

The inherent weaknesses and risks of traditional passwords
00:47 MIN

The inherent weaknesses and risks of traditional passwords

Going Beyond Passwords: The Future of User Authentication

Introducing Passkeys to solve WebAuthn's usability issues
15:55 MIN

Introducing Passkeys to solve WebAuthn's usability issues

Passwordless future: WebAuthn and Passkeys in practice

Best practices for creating and managing secure passwords
03:32 MIN

Best practices for creating and managing secure passwords

Going Beyond Passwords: The Future of User Authentication

Featured Partners

Related Videos

See all videos
Going Beyond Passwords: The Future of User Authentication27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

Accelerating Authentication Architecture: Taking Passwordless to the Next Level49:52

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Yedidya Schwartz

No More Post-its: Boost your login security with APIs16:05

No More Post-its: Boost your login security with APIs

Alvaro Navarro

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Cracking the Code: Decoding Anti-Bot Systems!57:47

Cracking the Code: Decoding Anti-Bot Systems!

Fabien Vauchelles

Programming secure C#/.NET Applications: Dos & Don'ts33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems29:31

Break the Chain: Decentralized solutions for today’s Web2.0 privacy problems

Adam Larter

From learning to earning

Jobs that call for the skills explored in this talk.