Alejandro Oviedo García
Alejandro is a developer who loves learning new things. He is passionate about education, electronics, Open Source, and community-driven events.
passwords are dead,
long live passwords!
Hi, I'm Alejandro (@a0viedo on social media)
I work on systems
I'm a GDE for the Web platform
I co-organize NodeConf Argentina
this talk is about the web
but first, a recap on passwords
NIST Special Publication 800-63. Appendix A., 2003
“[Passwords] just don’t meet the challenge for anything you really want to secure.”
Bill Gates
“An investigation into users’ considerations towards using password managers”
Fagan, Albayram, Khan and Buck - 2017
More “users” than “non-users” in our sample report higher technical expertise, especially in the area of computer security, which could reflect an actual higher technical proficiency among “users”
enter a new era
FIDO
webauthn
CTAP1
UAF
U2F
Registration
- Client requests a challenge for the user
- Server sends a challenge
- Client uses Webauthn to get information about the authenticator and signs the challenge
- Client sends back result to server
- Server replies if it's successful or no
Login
- Client requests a challenge for the user
- Server sends a challenge
- Client uses Webauthn to sign the challenge
- Client sends back result to server
- Server replies if it's successful or no
demo
enter a new era v2
FIDO2
webauthn
CTAP2
single factor
second factor
multi-factor
w/ or w/o passwords
will this means it's the end of passwords?
thanks for listening
bit.ly/passwords-are-dead
@a0viedo
Passwords are dead! Long live passwords
By Alejandro Oviedo García
