Talk in English - UK at nodejsday 2019
Short URL: https://joind.in/talk/794b4
(QR-Code (opens in new window))
Passwords are a problem. We reuse them. We forget them. They’re tricky to implement and secure, as developers. They're easy to steal; 95% of all data breaches are due to weak or stolen credentials. I've been part of a team that drove one of the first commercial implementations of Web Authentication, the Javascript API that is now widely available in browsers. The spec aims to provide a strategy for securing users across the internet using public key cryptography instead of passwords. It integrates with the strong authentication provided by devices, like Windows Hello or Apple’s Touch ID; instead of passwords, a user's fingerprint, retina, or voice can log into your website. In this talk I will dive into what you need to know to build a full-stack application that implements WebAuthn in Node.JS. I'll introduce the cryptographic concepts you will need to understand to implement the protocol in your application. I'll describe the user-experience and engineering challenges faced by my team in integrating the Web Authentication API into our product. I will conclude with thoughts on the prospects of Web Authentication, and why I feel it could have a significant impact on the way we developers think about security.
Comments
Comments are closed.
Suby showed me a beatiful world without passwords!