Paweł Łukaszuk

Passwordless Web 1.5

Passwords are fundamentally broken, even with 2FA. Learn how passkeys provide true phishing resistance by design, eliminating server-side credential theft.

#1 about 2 minutes

The fundamental security flaws of traditional passwords

Passwords suffer from issues like weakness, reuse across multiple accounts, and predictability, leading to widespread security vulnerabilities.

#2 about 2 minutes

Why mandatory password rotation policies often fail

Forcing users to change passwords frequently leads to predictable patterns and weaker credentials, undermining the intended security benefits.

#3 about 5 minutes

Risks from password managers and server-side storage

Even with strong passwords, security is compromised by vulnerabilities in password managers and poor server-side practices like weak hashing.

#4 about 3 minutes

How phishing attacks can bypass two-factor authentication

Malicious actors can intercept one-time passwords to defeat common two-factor authentication, making physical security keys a stronger alternative.

#5 about 3 minutes

Introducing passkeys for secure passwordless authentication

Passkeys leverage the FIDO2 and WebAuthn standards with public-key cryptography to provide a more secure and user-friendly login experience.

#6 about 4 minutes

How to register and sign in using passkeys

The user workflow involves creating a passkey tied to a device's lock mechanism and then using that same mechanism for subsequent logins.

#7 about 4 minutes

Using cross-device authentication for phishing resistance

Logging into a new device with a phone's passkey uses a QR code and Bluetooth for proximity detection, effectively preventing remote phishing attacks.

#8 about 2 minutes

Strategies for managing passkeys across multiple devices

Users can manage their passkeys across different devices using built-in OS credential managers, third-party password managers, or physical hardware keys.

#9 about 3 minutes

Current adoption and developer implementation challenges

While major platforms are adopting passkeys, implementation is complex for developers due to detailed specifications and a lack of reliable AI-generated code.

#10 about 1 minute

The future outlook for passkey authentication

Although widespread adoption will take time, passkeys represent the most affordable and secure future for digital authentication.
