Presented by Lucas Castro
✅ What is WebAuthn
✅ What is a Passkey
✅ What problems it solves
✅ How to implement registration
✅ How to implement verification
✅ Limitations and concerns
⛔️ User, session, or credential management
⛔️ Passkey extensions
⛔️ An in-depth look into WebAuthn options
⛔️ Method comparisons
Google / Harris Poll
Passwords.
Passwords are the problem.
No more shared secrets
WebAuthn is a specification.
The spec prescribes data models and an API to allow servers to register and authenticate users with public key cryptography
Currently implemented and supported in all major browsers:
For the purposes of this talk, we will define WebAuthn as the specification (API + data models)
Passkeys are the WebAuthn credentials used during passwordless authentication
Registration
Authentication / Verification
Credits: https://webauthn.guide/