User authentication is hard. It’s a constant struggle between ease of use and effectiveness. Passwords are still the default choice, but password problems continue to grow in occurrence and complexity. User education about ‘good passwords’ and phishing has not been sufficient. We need something better.
Fortunately, better options already exist. U2F proven effective over the years, and its successor, WebAuthn, is even better.
This talk will discuss how WebAuthn provides strong authentication, where FIDO security keys are already supported, and how to add support to your own stuff.