Everyone generally agrees that passwords have problems. Many of the solutions tend to involve multi-factor authentication of some kind but that's always been a pain to implement in the browser, requiring custom backends or other tricky things.

Until now!

The WebAuthn standard, now at Candidate Review stage at W3C, allows for great ease of accessing extra authentication factors, Yubikeys, software tokens, maybe even biometrics, from browsers. It also specifies everything that’s needed in order to implement authentication workflows using these tokens.

This presentation will cover the history of multi-factor authentication and the issues it’s had in adoption, then go into an overview of the WebAuthn spec and how it works and finally demonstrate how to integrate it into various web frameworks. What's FIDO? What's CTAP? What even is a Relying Party and how can I get invited to one? Come and find out!