The future is brighter without passwords and phishing

Yuriy Ackermann

FIDO, Authentication and Security specialist

twitter/github: @herrjemand

yuriy@webauthn.global

Enter today

Everyone authenticates like this

Type this

Maybe this

Logged in

The problem

Users hate it, phishers love it

Users reuse passwords

OTP is really easy to phish (DNC hack 2016)

UX is terrible

Solution: FIDO2/WebAuthn

Let's kill passwords and OTP in one shot

Username

Logged in

Biometrics or PIN

How it works: simple

cc: FIDO Alliance

How it works: hard

What is an authenticator?

Security keys

Built-in platform authenticators
Currently Windows 10 and Android > 7

So what do we get in the end?

  • No password - no phishing
  • No password - no leaking
  • User owns his PII
  • Better UX
  • If you are into passwords, you can still use them, but they never leave the device. No passwords over the internet
  • Biometrics never leave the device. cc: FIDO privacy principles

Success stories
