Passkeys: Truly Phishing-Resistant? Implementation and Pitfalls

Passkeys have established themselves as the standard for passwordless authentication, promising to eliminate phishing once and for all. But how secure are they really – and what do developers need to consider during implementation to keep that promise? This talk goes beyond the basics and demonstrates through live coding how to integrate Passkeys with Keycloak. We'll uncover common pitfalls and explain which configurations are critical to ensure true phishing resistance. Practical examples and concrete code demos will help you integrate Passkeys securely and user-friendly into your own applications.