Talk in English - US at Longhorn PHP Conference 2023
Track Name:
Ballroom C&D
Short URL: https://joind.in/talk/a09d7
(QR-Code (opens in new window))
Authentication is hard! Passwords are guessable, while SMS and app-based multi-factor authentication can be compromised. Even the promise of hardware tokens comes at a cost, being easy to lose and/or forget. Unfortunately, as developers, we're stuck trying to solve this difficult problem: how to make authentication work without putting our users at risk. Every option appears to have downsides... but there is hope!
Passkeys are a new authentication technology that uses cryptography within the web browser to securely identify and authenticate users, automatically syncing across devices, to entirely eliminate the need for passwords. It's like magic! We'll learn what they are, how they work, and why they are (virtually) unhackable. Your users will love a simplified login flow, and you'll stop worrying about account takeovers.
Comments
Comments are closed.
Very cool. Would be nice to see it implemented with php.
Great talk. Loved the scene setting, and the acknowledgement that syncing/lost devices are the fundamental passkey dilemma. Enjoyed the live demos.
One place to improve: timing. Speaker ran over 50 min (I think, unsure if he got a late start).
Very well-prepared, with nice looking slides. The pacing and content could have been adjusted considering the audience. Probably too much time spent on the deficiencies of other auth mechanisms, and I was hoping for more technical details on how passkeys are verified and implemented from an app developer point of view.
Good overview on different auth mechanisms. Liked the slides.
I was expecting more information earlier in the talk about passkeys. Until we reached this, my ability not follow was almost gone because of the different MFA methods... Adding Passkeys to a PHP application would also have been very interesting.
Lots of great information about the new and scary pass keys.
Interesting talk anout a new and upcoming technology that will likely be a part of our lives soon.
An intriguing preview to form passkeys. Looks like an excellent move forward to simplify user experience.
This was a great overview with the different authentication methods broken down into where they succeed or fail based on whether or not they are approached with:
- Forgetfulness
- Laziness
- Gullibility
- Technical Competence
Passkeys aim to resolve the problems with the above. The talk shows the shortcomings of it currently, but also outlines where it aims to go in the future. Passkeys are the future!
I would say that the Authenticator/Client/Application slides have some pretty small text, but the Auth0 demo that followed this section illustrated it pretty clearly. Like Ralf mentioned in these reviews, there could have been a bit more of a demonstration around how passkeys could be integrated into an application with PHP, but there were plenty of resources at the end to get started with this
This talk turned me from hating passkeys to being kinda OK with them. So, max marks for that.
I agree with some other comments, though, that too much time was spent breaking down existing methods to justify passkeys. It's good content, but could have been condensed to make more time for going deeper on passkeys.
Good overview of the technology, would love a little deeper dive on implementation in php/js/etc