
Passkeys, FIDO2, WebAuthn… What does it all mean?

danjenkins
October 20, 2023


Protecting your online identities has become a huge pain in the rear.
2FA in the forms of SMS, TOTP, Password Managers, FIDO, U2F and now Passkeys – it’s just too much.
Unless you’re a ‘geek’ how can you hope to protect your online identities in the best way possible?
Passkeys are here to help answer that question. This session takes a look at Passkeys, how they work and whether you should all throw away your security keys in favour of them.


Transcript

  1. • Founder of Everycast Labs, Nimble Ape • Creator of CommCon • Was the first "Google Developer Expert" in WebRTC • Loves LEGO • Loves Real-Time Media • Loves developing for "the web" • @dan_jenkins / @[email protected] Dan Jenkins
  2. • Real-Time Communication consultancy • Based in the UK • Work with Open Source Real-Time Comms • VoIP, WebRTC, Broadcast • Got a problem you want help with? Let us know • [email protected] Nimble Ape
  3. • Creators of Broadcast Bridge • A Platform as a Service for bringing in remote talent into production AV workflows • We work with WebRTC / SRT / NDI / Decklink & AJA cards. • Bridging Real-Time Comms with the "Broadcast" industry is fun! • [email protected] Everycast Labs
  4. • Residential Event in the UK for "Open Media" - Real-Time or not • Everyone stays in the same hotel • Top quality production values • 5 Years worth of content on our YouTube Channel • commcon.xyz • (currently looking for sponsorship to make 2024 happen, let us know if you're interested) CommCon
  5. Something You Know: This Could Be a Personal Identification Number (PIN), a Password, Answers to “Secret Questions” or a Specific Keystroke Pattern. Something You Have: Typically, a User Would Have Something in Their Possession, Like a Credit Card, a Smartphone, or a Small Hardware Token. Something You Are: This Category Is a Little More Advanced, and Might Include Biometric Pattern of a Fingerprint, an Iris Scan, or a Voice Print. https://authy.com/what-is-2fa/
  6. 2FA Options • SMS (Please... don't) • TOTP (codes in an app) • WebAuthn / FIDO (security keys) • App based Push Notifications • Voice based codes
  7. In Short... FIDO2 Is a Specification on "How" To Do the Security With Devices. WebAuthn Enables the Web Browsers To Use Those Standards
  8. NO!

  9. Something You Know: This Could Be a Personal Identification Number (PIN), a Password, Answers to “Secret Questions” or a Specific Keystroke Pattern. Something You Have: Typically, a User Would Have Something in Their Possession, Like a Credit Card, a Smartphone, or a Small Hardware Token. Something You Are: This Category Is a Little More Advanced, and Might Include Biometric Pattern of a Fingerprint, an Iris Scan, or a Voice Print. 2FA =
  10. Because a Unique Public Key Is More Secure Than a Password Used Across *N Websites.
  11. They Sync With Your Other Devices. Password managers are slowly getting there, so you don't have to rely on Google or Apple