Back to 2019 AgendaForget your passwords with the Web Authentication API
π 12:20 pm - π RR5Passwords are hard. Data breaches frequently expose poor security practices, proving that, as an industry, we're not very good at this. As developers have become more aware of these challenges, we've tried to offload password management to "the big guns", making our lives easier, but what about our users? From confusing or ineffective password complexity restrictions to password fields you can't paste into, it's no wonder so many people find one password and stick with it.
The Web Authentication API (WebAuthn) allows you to build passwordless authentication or two factor authentication into your web applications seamlessly in the browser. Using an asymmetric key pair where the public key is sent to a server, and the private key stored securely on your device, your secrets are never sent over the internet, greatly reducing the risk of phishing attempts.
This talk will provide an introduction to WebAuthn, outlining the benefits, tradeoffs, and future of this new authentication protocol. Through a code demonstration, you will see how to build an experience that puts control over their credentials (literally) back into the hands of your users.