Passkeys and WebAuthn

Getting started with

Hello, There!

  • I'm a founding engineer @ Trinsic
  • BYU computer science graduate, class of 2023
  • I work with React, C#, TypeScript
  • I was born and raised in Brazil and moved to the U.S. in 2019

Follow along

TONIght's AGENDA

  • Take a quick overview of web identity (auth, MFA, etc.)
     
  • Discuss why passwords suck
     
  • Learn about the WebAuthn spec
     
  • Write a very basic WebAuthn server and client
     
  • Establish a distinction between WebAuthn and Passkeys

What is online identity?

[a form of identity] that an Internet user establishes in online communities and websites. It may also be an actively constructed presentation of oneself.

- Online identity, Wikipedia

Pillars of ONLINE identity

Knowledge
Possession
Inherence

FACTORS OF TRUST

STOP USING PASSWORDS

Webauthn spec

  • It is an authentication standard published by the W3C and FIDO alliance
     
  • It is based on the asymmetric (public-key) cryptography
     
  • Extremely phishing resistant
     
  • Trust can be based on multiple factors (i.e., knowledge, possession, inherence).
     
  • Largely supported by the major internet browsers

WEBauthn FLOW

LET'S CODE

ALL RIGHT, BUT what about passkeys?

Resources and references

LET'S CHAT!

AustinJS: Passkeys

By Lucas Castro

AustinJS: Passkeys

  • 64