Why FIDO Security Keys & WebAuthn are Awesome

Presented at BSidesLV 2019, Aug. 6, 2019, 6 p.m. (55 minutes)

User authentication is hard. It's a constant struggle between ease of use and effectiveness. Passwords are still the default choice, but password problems continue to grow in occurrence and complexity. User education about ‘good passwords' and phishing has not been sufficient. We need something better.

Fortunately, better options already exist. U2F proven effective over the years, and its successor, WebAuthn, is even better.

This talk will discuss how WebAuthn provides strong authentication, where FIDO security keys are already supported, and how to add support to your own stuff.

Presenters:

• Jen Tong
  Jen is a Security Advocate on Google Cloud. In this role she helps software developers and IT professionals stay out of trouble while getting the most out of cloud computing. Previously she worked in a wide variety of engineering roles from robotics at NASA, to developer advocacy for Google Glass. She is passionate about education, especially on the subjects of technology and science. If she's away from her laptop, she's probably playing ice hockey, or running a D&D game.

Similar Presentations:

• CrikeyCon VII (2021) / Mad Monster Standards - Exploring Webauthn
• Objective by the Sea version 4.0 (2021) / FIDO on MacOS: How it works, Attack Vectors and Other Learnings
• Global AppSec - DC 2019 / Building Secure Password-less Web Applications using WebAuthn