Authentication is hard! Passwords are guessable, while SMS and app-based multi-factor authentication can be compromised. Even the promise of hardware tokens comes at a cost, being easy to lose and/or forget. Unfortunately, as developers, we're stuck trying to solve this difficult problem: how to make authentication work without putting our users at risk. Every option appears to have downsides... but there is hope!

Passkeys are a new authentication technology that uses cryptography within the web browser to securely identify and authenticate users, automatically syncing across devices, to entirely eliminate the need for passwords. It's like magic! We'll learn what they are, how they work, and why they are (virtually) unhackable. Your users will love a simplified login flow, and you'll stop worrying about account takeovers.

Comments

Comments are closed.

Very cool. Would be nice to see it implemented with php.

Dan Moore at 13:01 on 4 Nov 2023

Great talk. Loved the scene setting, and the acknowledgement that syncing/lost devices are the fundamental passkey dilemma. Enjoyed the live demos.

One place to improve: timing. Speaker ran over 50 min (I think, unsure if he got a late start).

Wun Chiou at 13:03 on 4 Nov 2023

Very well-prepared, with nice looking slides. The pacing and content could have been adjusted considering the audience. Probably too much time spent on the deficiencies of other auth mechanisms, and I was hoping for more technical details on how passkeys are verified and implemented from an app developer point of view.

Mark Junghanns at 13:09 on 4 Nov 2023

Good overview on different auth mechanisms. Liked the slides.

Ralf Jahr at 14:04 on 4 Nov 2023

I was expecting more information earlier in the talk about passkeys. Until we reached this, my ability not follow was almost gone because of the different MFA methods... Adding Passkeys to a PHP application would also have been very interesting.

TJ Draper at 14:08 on 4 Nov 2023

Lots of great information about the new and scary pass keys.

Peter Meth at 14:37 on 4 Nov 2023

Interesting talk anout a new and upcoming technology that will likely be a part of our lives soon.

Ariane Dupaix at 15:39 on 4 Nov 2023

An intriguing preview to form passkeys. Looks like an excellent move forward to simplify user experience.

Nick A at 15:41 on 4 Nov 2023

This was a great overview with the different authentication methods broken down into where they succeed or fail based on whether or not they are approached with:
- Forgetfulness
- Laziness
- Gullibility
- Technical Competence

Passkeys aim to resolve the problems with the above. The talk shows the shortcomings of it currently, but also outlines where it aims to go in the future. Passkeys are the future!

I would say that the Authenticator/Client/Application slides have some pretty small text, but the Auth0 demo that followed this section illustrated it pretty clearly. Like Ralf mentioned in these reviews, there could have been a bit more of a demonstration around how passkeys could be integrated into an application with PHP, but there were plenty of resources at the end to get started with this

Larry Garfield at 15:49 on 4 Nov 2023

This talk turned me from hating passkeys to being kinda OK with them. So, max marks for that.

I agree with some other comments, though, that too much time was spent breaking down existing methods to justify passkeys. It's good content, but could have been condensed to make more time for going deeper on passkeys.

Good overview of the technology, would love a little deeper dive on implementation in php/js/etc