WebAuthn 101 - Demystifying WebAuthn

Presented at Black Hat USA 2019, Aug. 8, 2019, 9 a.m. (25 minutes)

Five years later and we're finally at the finish line: Proposed recommendation for W3C WebAuthn. This talk will go into some detail on the use cases WebAuthn sets out solve, how we got here, what's ready for implementation today and what's coming. *Any* service implementing authentication should take note.<br><br><span>At Google I'm in the unique position to be part of the standards body, </span>heading<span> the team doing the implementation in platforms (Chrome, Android, CrOS) and responsible for our internal implementation so I have a pretty a </span>unique<span> perspective on this work.</span><br>

Presenters:

• Christiaan Brand - Security & Identity, Google
  Christiaan Brand co-founded financial services security firm, Entersekt in 2009. He has since moved to Google where he's part of their Security and Identity teams. Christiaan is a frequent industry commentator on all areas involving cyber-crime and cyber security and co-chair of the FIDO2 technical working group inside the FIDO (Fast IDentity Online) alliance looking to standardize strong online security protocols.

Links:

• https://www.blackhat.com/us-19/briefings/schedule/#webauthn-101---demystifying-webauthn-14687
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/WebAuthn 101 - Demystifying WebAuthn.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/WebAuthn 101 - Demystifying WebAuthn.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=RFACQvL_8S4

Similar Presentations:

• Black Hat Asia 2021 Virtual / Anti-Forensics: Reverse Engineering a Leading Phone Forensic Tool
• Black Hat USA 2022 / RollBack - A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems
• Black Hat USA 2020 Virtual / A Framework for Evaluating and Patching the Human Factor in Cybersecurity