We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
RailsConf 2023 - Go Passwordless with WebAuthn in Ruby by Braulio Martinez
Discover how to revolutionize the way you think about authentication with WebAuthn, a passwordless standard that uses public key cryptography and possession factors to secure user identities.
- WebAuthn is a passwordless authentication standard that uses public key cryptography and relies on possession factors such as hardware devices, biometric data, or PINs.
- WebAuthn was born out of a need to address phishing attacks, password reuse, and other security issues that have plagued the industry for decades.
- The standard defines three entities: the authenticator (e.g. a security key), the client (e.g. a web browser), and the relying party (e.g. a web server).
- The registration process involves a ceremony where the user interacts with the authenticator and the client to create a new WebAuthn credential.
- WebAuthn credentials can be used for multi-device authentication, allowing users to access their accounts across multiple devices.
- Pasqui is a type of WebAuthn credential that uses a single credential for multiple devices, making it a convenient option for users.
- WebAuthn is not without its challenges, including the need for browsers to support the standard and the potential for phishing attacks.
- Adoption of WebAuthn is growing, with major companies like Google, Apple, and Microsoft supporting the standard.
- The FIDO Alliance, a non-profit organization, is working to promote the adoption of WebAuthn and other passwordless authentication standards.
- WebAuthn is not a panacea for all security issues, but it is a step in the right direction towards more secure and convenient authentication methods.