Clemens Hübner

Passwordless future: WebAuthn and Passkeys in practice

What if you could build phishing-proof logins without passwords? Learn how WebAuthn and Passkeys make secure, cross-device authentication a practical reality for your users.

Passwordless future: WebAuthn and Passkeys in practice
#1about 3 minutes

The fundamental problems with password-based authentication

Passwords are hard for users to manage and insecure for developers to store, making them vulnerable to phishing and theft.

#2about 1 minute

Shifting to modern possession and biometric factors

The future of authentication moves away from what you know (passwords) to what you have (possession) and what you are (biometrics).

#3about 2 minutes

An overview of the WebAuthn JavaScript API

WebAuthn is a W3C standard and JavaScript API that enables passwordless authentication in web apps using modern cryptography.

#4about 2 minutes

Live demo of passwordless registration and login

A practical demonstration shows how a user can register and log in to a web application using a physical security key instead of a password.

#5about 4 minutes

How WebAuthn's registration and authentication ceremonies work

WebAuthn uses a registration ceremony to create a public-private key pair and an authentication ceremony to verify identity with a challenge-response process.

#6about 3 minutes

Understanding the history and browser support for WebAuthn

WebAuthn has been a W3C standard since 2019 and is now supported by over 95% of modern browsers across all major platforms.

#7about 3 minutes

Introducing Passkeys to solve WebAuthn's usability issues

Early WebAuthn adoption was slow due to usability challenges like managing physical keys and syncing credentials across multiple devices.

#8about 4 minutes

How Passkeys improve the user experience

Passkeys are WebAuthn credentials integrated into platform ecosystems like Apple ID and Google accounts, enabling seamless syncing and cross-device usage via QR codes.

#9about 3 minutes

The impact of Passkeys on passwordless adoption

The introduction of Passkeys by major platforms has significantly accelerated the adoption of passwordless authentication by improving usability and providing user education.

#10about 7 minutes

Answering key questions about Passkeys and WebAuthn

Common questions are addressed regarding credential recovery, phishing resistance, future-proofing against quantum computing, and usability for non-technical users.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Introducing passkeys for secure passwordless authentication
03:04 MIN

Introducing passkeys for secure passwordless authentication

Passwordless Web 1.5

Understanding passwordless authentication technologies
02:58 MIN

Understanding passwordless authentication technologies

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Understanding the next generation of authentication with passkeys
02:10 MIN

Understanding the next generation of authentication with passkeys

Going Beyond Passwords: The Future of User Authentication

The future outlook for passkey authentication
01:02 MIN

The future outlook for passkey authentication

Passwordless Web 1.5

Current adoption and developer implementation challenges
02:54 MIN

Current adoption and developer implementation challenges

Passwordless Web 1.5

Enhancing personal security with physical hardware keys
06:55 MIN

Enhancing personal security with physical hardware keys

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

Q&A on career path and the future of passwordless
11:03 MIN

Q&A on career path and the future of passwordless

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

How the initial passwordless solution worked
02:39 MIN

How the initial passwordless solution worked

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Featured Partners

Related Videos

See all videos
Going Beyond Passwords: The Future of User Authentication
27:55

Going Beyond Passwords: The Future of User Authentication

Gift Egwuenu

Passwordless Web 1.5
30:21

Passwordless Web 1.5

Paweł Łukaszuk

Security in modern Web Applications - OWASP to the rescue!
26:59

Security in modern Web Applications - OWASP to the rescue!

Jakub Andrzejewski

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?
27:36

Unleashing the Power of Developers: Why Cybersecurity is the Missing Piece?!?

Tino Sokic

Accelerating Authentication Architecture: Taking Passwordless to the Next Level
49:52

Accelerating Authentication Architecture: Taking Passwordless to the Next Level

Yedidya Schwartz

Programming secure C#/.NET Applications: Dos & Don'ts
33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

No More Post-its: Boost your login security with APIs
16:05

No More Post-its: Boost your login security with APIs

Alvaro Navarro

Delegating the chores of authenticating users to Keycloak
23:42

Delegating the chores of authenticating users to Keycloak

Alexander Schwartz

Related Articles

View all articles
Chris Heilmann
The top 200 passwords of 2024 can be cracked in less than a second
Passwords are a pain and with biometric logins, passkeys and other two factor authentication methods should be a thing of the past. In reality, though, a lot of systems still use username and password as the only security measure and users choose al...
The top 200 passwords of 2024 can be cracked in less than a second
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
Benedikt Bischof
c't <webdev> 2023
c't <webdev> 2023: Three days of frontend developmentMany frontend development projects today are slain by a bloated, client-side rendered single page application. But Sebastian Springer thinks it's about time to stop doing that. In his c't keynote, ...
c't <webdev> 2023
Chris Heilmann
Dev Digest 116 - WWWAI?
This time, learn how to un-AI Google's search results, what's new on the web, avoid a new security hole and go back to BASICS with us. News and ArticlesWhat a week. Google, Microsoft, OpenAI and many others had their big flagship events announcing th...
Dev Digest 116 - WWWAI?

From learning to earning

Jobs that call for the skills explored in this talk.