WebAuthn: Multi-factor Auth for Everyone
Benno is this guy who works for Yubico and has Opinions™.
Everyone generally agrees that passwords have problems. Many of the solutions tend to involve multi-factor authentication of some kind but that's always been a pain to implement in the browser, requiring custom backends or other tricky things.
Until now!
The WebAuthn standard, now at Candidate Review stage at W3C, allows for great ease of accessing extra authentication factors, Yubikeys, software tokens, maybe even biometrics, from browsers. It also specifies everything that’s needed in order to implement authentication workflows using these tokens.
This presentation will cover the history of multi-factor authentication and the issues it’s had in adoption, then go into an overview of the WebAuthn spec and how it works and finally demonstrate how to integrate it into various web frameworks. What's FIDO? What's CTAP? What even is a Relying Party and how can I get invited to one? Come and find out!
- Date:
- 2018 November 9 - 16:30
- Duration:
- 50 min
- Room:
- Room 3183
- Conference:
- Seattle GNU/Linux Conference 2018
- Language:
- Track:
- Security, Information Security
- Difficulty:
- Some experience required
- Computational Randomness: Controlled Chaos in an Ordered Machine
- Start Time:
- 2018 November 9 16:30
- Room:
- Room 3184
- Freedom and privacy in the Web
- Start Time:
- 2018 November 9 16:30
- Room:
- Room 3180
- etckeeper - revision control for configuration files
- Start Time:
- 2018 November 9 16:30
- Room:
- Room 3179