Passkeys
A possible future without passwords
How many accounts do you have on the Web?
Do you remember all of your passwords?
Do you reuse some of your passwords?
Josué Bouchard
Computer Science Student
josuebouchard
Passwords
Easy to remember
Hard to guess
Passwords
Most people don't use two-factor authentication
If you are NOT using 2FA, your password is the only barrier between an attacker and your data
It's DEMO TIME!
Passkeys
Two main objectives
- Phishing resistance
- Data-breach resistance
Phishing resistance
[tricking] users into accessing a fake Web site and divulging personal information.
Phishing resistance
- Two-factor authentication built-in
  - Something you have (device)
  - Something you are (biometric data)
- Each passkey only works for the website it was created for
- For cross-device sign-in, proximity is required
Data-breach resistance
[...] any security incident that results in unauthorized access to confidential information
Data-breach resistance
- Adobe (2013)
- eBay (2014)
- Yahoo (2016)
- Facebook (2021)
Data-breach resistance
- Servers only store public keys
- With passkeys, there is no reuse of keys
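Added example (not part of the original slides): a simplified JavaScript model of a passkey sign-in, showing why a passkey only works on the site it was created for and why a server that stores only public keys has nothing reusable to leak. Function names and the example domains are assumptions; attestation, COSE key encoding and the full RP ID matching rule are left out.

```javascript
// Added example: simplified passkey (WebAuthn) sign-in model; all names are hypothetical.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the key pair is made on the device; the server only ever gets publicKey.
function createPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { rpId, privateKey, publicKey };
}

// Browser + authenticator. The browser, not the page, supplies `origin`.
function signIn(passkey, origin, challenge) {
  const host = new URL(origin).hostname;
  // Simplified scoping rule: the passkey is offered only on its own site.
  if (host !== passkey.rpId && !host.endsWith('.' + passkey.rpId)) return null;
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) || flags (0x05: user present + verified) || signCount
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, passkey.privateKey) };
}

// Server: checks the challenge it issued, the origin, the RP ID hash, then the signature.
function verifySignIn(server, assertion, expectedChallenge) {
  const client = JSON.parse(assertion.clientDataJSON.toString());
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== server.origin) return 'bad-origin';
  if (!assertion.authenticatorData.subarray(0, 32).equals(sha256(server.rpId))) return 'bad-rp-id';
  if ((assertion.authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, server.storedPublicKey, assertion.signature) ? 'ok' : 'bad-signature';
}

// Constructed scenario using reserved example domains.
function demo() {
  const passkey = createPasskey('example.com');
  const server = { rpId: 'example.com', origin: 'https://example.com', storedPublicKey: passkey.publicKey };
  const challenge = crypto.randomBytes(32);
  const good = signIn(passkey, 'https://example.com', challenge);
  return {
    legitimate: verifySignIn(server, good, challenge),
    lookalikeSite: signIn(passkey, 'https://example.com.login.test', challenge), // nothing to steal
    replayed: verifySignIn(server, good, crypto.randomBytes(32)), // old assertion, new challenge
    forgedWithoutPrivateKey: verifySignIn(server, signIn(createPasskey('example.com'), 'https://example.com', challenge), challenge),
  };
}
console.log(demo());
```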
Other goodies
- Cross-device authentication
- Device-only passkeys
Let's recap
- Passkeys focus on being resistant to:
  - phishing
  - data breaches
- They are more secure, convenient, and simple than passwords