Passwordless future: Using WebAuthn and Passkeys in practice
Conference: Global AppSec Dublin 2023
2023-02-15
Authors: Clemens Hübner
Summary
Passkeys are the next evolution step of web authentication, solving problems with passwords and making authentication more secure. They are included in the app ecosystem and allow for smoother authentication between different clients. However, using passkeys binds users to existing oligopolies of big user providers, and it is unclear how independent web authentication can remain from these platforms in the future.
- Passkeys solve problems with passwords and make authentication more secure
- Passkeys are included in the app ecosystem and allow for smoother authentication between different clients
- Using passkeys binds users to existing oligopolies of big user providers
- It is unclear how independent web authentication can remain from these platforms in the future
Abstract
With the WebAuthn specification, a promising option for passwordless authentication in web browsers was published in March 2019. Until last year, adaption in websites and applications only grew slowly. In 2022, both Google and Apple introduced the integration of passkeys in their identity systems, giving hope for further progress. This session will explain the basics of WebAuthn and passkeys and evaluate the state of adoption both on client and server side. It will then focus on the practical realization when developing a web application: How to build a passwordless authentication yourself? Which features make it easier or more difficult to use in web applications? What are the impressions from practical use? In the end, the talk will also shed a light on future developments in the WebAuthn environment. During the session, attendees will understand the principles of WebAuthn. They will get to know the possibilities and use cases of Passkeys. They will also learn how to integrate these features in new or existing applications.
Materials: