Passkeys and WebAuthn

Getting started with

Hello, There!

• I'm a founding engineer @ Trinsic
• BYU computer science graduate, class of 2023
• I work with React, C#, TypeScript
• I was born and raised in Brazil and moved to the U.S. in 2019

Follow along

TONIght's AGENDA

• Take a quick overview of web identity (auth, MFA, etc.)
   
• Discuss why passwords suck
   
• Learn about the WebAuthn spec
   
• Write a very basic WebAuthn server and client
   
• Establish a distinction between WebAuthn and Passkeys

What is online identity?

[a form of identity] that an Internet user establishes in online communities and websites. It may also be an actively constructed presentation of oneself.

- Online identity, Wikipedia

Pillars of ONLINE identity

Knowledge
Possession
Inherence

FACTORS OF TRUST

STOP USING PASSWORDS

Webauthn spec

• It is an authentication standard published by the W3C and FIDO alliance
   
• It is based on the asymmetric (public-key) cryptography
   
• Extremely phishing resistant
   
• Trust can be based on multiple factors (i.e., knowledge, possession, inherence).
   
• Largely supported by the major internet browsers

WEBauthn FLOW

LET'S CODE

Link to the repository

ALL RIGHT, BUT what about passkeys?

Resources and references

• WebAuthn Spec
   
• FIDO Alliance Passkeys
   
• WebAuthn Guide
   
• Making WebAuthn a Password Replacement
   
• Full Stack Authentication by Max Firtman
   
• WebAuthn Demo
   
• Paskeys Demo

LET'S CHAT!

• LinkedIn - /in/lucasamonrc
   
• E-mail - hello@lucasamonrc.dev
   
• Website - lucasamonrc.dev
   
• GitHub - /lucasamonrc