Talk in English - UK at ScotlandPHP 2019
Track Name:
Track 2
Short URL: https://joind.in/talk/e891b
(QR-Code (opens in new window))
In March 2019 the W3C released the Level 1 of the recommendation for the new Web Authentication Standard "WebAuthn". Already supported by all major browser vendors, it strives to make passwords as well as phishing a thing of the past. Given that haveibeenpwned.com’s databases contain millions of stolen credentials, the switch away from passwords should happen rather sooner than later. Are you prepared to support the new means of authentication? Get ready for the future and learn what WebAuthn is about, how it works, and how to leverage its potential for your site today using PHP and JavaScript.
Comments
Comments are closed.
Good, clear, consise.
One thing missing (but probably not really in scope of the talk) was how exactly it is more secure than for example SMS, as no detail is given on how to provide it is me holding the USB key in my hands. In that sense, I wonder how banks for example are going to put any trust in this system, compared to the current system of OTP generation using the bankcard + pin.
Interesting talk, it turns out I've been using this technology for a while without understanding what's going on under the hood.
I would like to have seen more PHP code, possibly throwing together a quick registration/login page to show how easy it is to incorperate into new/existing applications?
Would have been nice to see more PHP implementation details as a large part of the talk was about weak passwords I think this was opportunity missed.
Majority of the talk led upto why what we currently have is far from ideal before giving an overview of webauthn. Delivered in a entertaining and informative manner.
I was hoping for a little more technical detail but still the background was very interesting and some useful insights.
Will be looking to add support for this to our app in the near future