In March 2019 the W3C released the Level 1 of the recommendation for the new Web Authentication Standard "WebAuthn". Already supported by all major browser vendors, it strives to make passwords as well as phishing a thing of the past. Given that haveibeenpwned.com’s databases contain millions of stolen credentials, the switch away from passwords should happen rather sooner than later. Are you prepared to support the new means of authentication? Get ready for the future and learn what WebAuthn is about, how it works, and how to leverage its potential for your site today using PHP and JavaScript.

Comments

Please login to leave a comment

Harro Verton at 14:13 on 9 Nov 2019

Good, clear, consise.

One thing missing (but probably not really in scope of the talk) was how exactly it is more secure than for example SMS, as no detail is given on how to provide it is me holding the USB key in my hands. In that sense, I wonder how banks for example are going to put any trust in this system, compared to the current system of OTP generation using the bankcard + pin.

Daniel Craigie at 15:04 on 9 Nov 2019

Interesting talk, it turns out I've been using this technology for a while without understanding what's going on under the hood.

I would like to have seen more PHP code, possibly throwing together a quick registration/login page to show how easy it is to incorperate into new/existing applications?

Adam Cooper at 15:41 on 9 Nov 2019

Would have been nice to see more PHP implementation details as a large part of the talk was about weak passwords I think this was opportunity missed.

Peter McDonald at 22:53 on 9 Nov 2019

Majority of the talk led upto why what we currently have is far from ideal before giving an overview of webauthn. Delivered in a entertaining and informative manner.

Ryan Mauger at 08:15 on 11 Nov 2019

I was hoping for a little more technical detail but still the background was very interesting and some useful insights.
Will be looking to add support for this to our app in the near future