Passwords are dead? Long live WebAuthn!

Presented at Kernelcon 2020 Virtual, March 27, 2020, 10:30 a.m. (60 minutes)

Password security is getting out of hand. You only need to watch the latest news stories about large-scale breaches or visit the haveibeenpwned site to see the current state of password security. Expecting end users to invent complex passwords for every website they visit is untenable. Wouldn't it be great if there were some new technology that used public key exchange and biometrics to get rid of passwords altogether? Well, that technology is here. WebAuthn (Web Authentication) is a web standard published in 2019 by the World Wide Web Consortium (W3C). The goal of the project is to standardize an interface for authenticating users to web-based applications and services using public-key cryptography instead of passwords. Despite being an emerging technology, this standard has already been adopted by leading browsers and platforms. This talk aims to shed light on the technical details of what WebAuthn is and how it works. We will also cover the security pros and cons of this new standard and make predictions about what this may mean for the future of web application security. This is an introductory talk. You do not need any prior knowledge of web authentication or cryptography to benefit from this talk.


Presenters:

  • Matt South - TrustFoundry
    Matt is a penetration tester from Kansas City, MO. He specializes in web and mobile application testing, but loves all things security.
  • Alex Lauerman - TrustFoundry
    Alex is a penetration tester based in Overland Park, Kansas. Alex is thankful for being able to spend over 10 years of his life building and breaking applications.
