Presented by:

Benno Rice (benno@jeamland.net)

Benno is this guy who works for Yubico and has Opinions™.

No video of the event yet, sorry!

Everyone generally agrees that passwords have problems. Many of the solutions tend to involve multi-factor authentication of some kind, but that's always been a pain to implement in the browser, requiring custom backends or other tricky things.

Until now!

The WebAuthn standard, now at Candidate Review stage at W3C, makes it easy to access extra authentication factors (YubiKeys, software tokens, maybe even biometrics) from browsers. It also specifies everything that’s needed in order to implement authentication workflows using these tokens.

This presentation will cover the history of multi-factor authentication and the issues it’s had in adoption, then go into an overview of the WebAuthn spec and how it works, and finally demonstrate how to integrate it into various web frameworks. What's FIDO? What's CTAP? What even is a Relying Party and how can I get invited to one? Come and find out!

Date:
2018 November 9 - 16:30
Duration:
50 min
Room:
Room 3183
Conference:
Seattle GNU/Linux Conference 2018
Language:
Track:
Security, Information Security
Difficulty:
Some experience required

Happening at the same time:

  1. Computational Randomness: Controlled Chaos in an Ordered Machine
     Start Time: 2018 November 9 16:30
     Room: Room 3184

  2. Freedom and privacy in the Web
     Start Time: 2018 November 9 16:30
     Room: Room 3180

  3. etckeeper - revision control for configuration files
     Start Time: 2018 November 9 16:30
     Room: Room 3179