Paweł Łukaszuk

Passwordless Web 1.5

Passwords are fundamentally broken, even with 2FA. Learn how passkeys provide true phishing resistance by design, eliminating server-side credential theft.

Passwordless Web 1.5
#1about 2 minutes

The fundamental security flaws of traditional passwords

Passwords suffer from issues like weakness, reuse across multiple accounts, and predictability, leading to widespread security vulnerabilities.

#2about 2 minutes

Why mandatory password rotation policies often fail

Forcing users to change passwords frequently leads to predictable patterns and weaker credentials, undermining the intended security benefits.

#3about 5 minutes

Risks from password managers and server-side storage

Even with strong passwords, security is compromised by vulnerabilities in password managers and poor server-side practices like weak hashing.

#4about 3 minutes

How phishing attacks can bypass two-factor authentication

Malicious actors can intercept one-time passwords to defeat common two-factor authentication, making physical security keys a stronger alternative.

#5about 3 minutes

Introducing passkeys for secure passwordless authentication

Passkeys leverage the FIDO2 and WebAuthn standards with public-key cryptography to provide a more secure and user-friendly login experience.

#6about 4 minutes

How to register and sign in using passkeys

The user workflow involves creating a passkey tied to a device's lock mechanism and then using that same mechanism for subsequent logins.

#7about 4 minutes

Using cross-device authentication for phishing resistance

Logging into a new device with a phone's passkey uses a QR code and Bluetooth for proximity detection, effectively preventing remote phishing attacks.

#8about 2 minutes

Strategies for managing passkeys across multiple devices

Users can manage their passkeys across different devices using built-in OS credential managers, third-party password managers, or physical hardware keys.

#9about 3 minutes

Current adoption and developer implementation challenges

While major platforms are adopting passkeys, implementation is complex for developers due to detailed specifications and a lack of reliable AI-generated code.

#10about 1 minute

The future outlook for passkey authentication

Although widespread adoption will take time, passkeys represent the most affordable and secure future for digital authentication.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Crypto crime, EU regulation, and working while you sleep
01:15 MIN

Crypto crime, EU regulation, and working while you sleep

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

The importance of client-side encryption for AI features
03:16 MIN

The importance of client-side encryption for AI features

AI in the Open and in Browsers - Tarek Ziadé

Malware campaigns, cloud latency, and government IT theft
01:06 MIN

Malware campaigns, cloud latency, and government IT theft

Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre

Comparing the security models of browsers and native apps
05:01 MIN

Comparing the security models of browsers and native apps

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Improving the developer feedback loop with specialized tools
03:16 MIN

Improving the developer feedback loop with specialized tools

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

The trend of browsers depending on online services
06:23 MIN

The trend of browsers depending on online services

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

The security challenges of building AI browser agents
06:33 MIN

The security challenges of building AI browser agents

AI in the Open and in Browsers - Tarek Ziadé

Understanding browser APIs that rely on company services
04:30 MIN

Understanding browser APIs that rely on company services

Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof

Featured Partners

Related Videos

See all videos
Passwordless future: WebAuthn and Passkeys in practice32:32

Passwordless future: WebAuthn and Passkeys in practice

Clemens Hübner

Going Beyond Passwords: The Future of User Authentication27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

Accelerating Authentication Architecture: Taking Passwordless to the Next Level49:52

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Yedidya Schwartz

No More Post-its: Boost your login security with APIs16:05

No More Post-its: Boost your login security with APIs

Alvaro Navarro

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

Security in modern Web Applications - OWASP to the rescue!26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Cracking the Code: Decoding Anti-Bot Systems!57:47

Cracking the Code: Decoding Anti-Bot Systems!

Fabien Vauchelles

Architecting API Security47:34

Architecting API Security

Philippe De Ryck

Related Articles

View all articles
CH
Chris Heilmann
The top 200 passwords of 2024 can be cracked in less than a second
Passwords are a pain and with biometric logins, passkeys and other two factor authentication methods should be a thing of the past. In reality, though, a lot of systems still use username and password as the only security measure and users choose al...
The top 200 passwords of 2024 can be cracked in less than a second
DC
Daniel Cranney
Dev Digest 167: Open Source AI, Passwordless Microsoft and Vibe Coding
Inside last week’s Dev Digest 167 . 🖼️ Is vibe coding killing creativity? 🌳 Is ChatGPT not as bad for the environment as we think? ⚠️ 95% of AppSec fixes don’t reduce risks 🔑 Microsoft going passwordless 🧠 How to detect memory leaks in your apps 🟨 V...
Dev Digest 167: Open Source AI, Passwordless Microsoft and Vibe Coding

From learning to earning

Jobs that call for the skills explored in this talk.