About This Talk
Web Authentication API (WebAuthn) is a phishing-proof technology that is expected to replace passwords. The technology is available since 2019, but in 2022, Apple, Google, and Microsoft agreed to support Passkeys, solving challenges facing the wide deployment of WebAuthn API. Passkeys is an extension to WebAuthn that allows the user to use a key credential stored in a device to log in on another device. e.g. you can use the key stored on your phone to log in on a browser on a Windows device. The communication is done over Bluetooth Low Energy (BLE). Passkeys are now supported on iOS/iPad 16, Mac OS X Ventura, and Andriod phones, and can be used by Chromium-based browsers and Safari. The talk will cover the following
- what is WebAuthn and how it is phishing resistant even during a man-in-the-middle attack,
- challenges in WebAuthn,
- what are Passkeys and how they solved WebAuth challenges,
- State of Passkeys,
- Demo the usage of passkeys and their user experience.
- How to integrate passkeys in your current Django project by
django-passkeys
.