FIDO Passkeys - The Future without Passwords!

Niko Köbler

May 11, 2023

Transcript

  1. FIDO PASSKEYS
    NIKO KÖBLER (@DASNIKO)
    KEYCLOAK-EXPERTE.DE

  2. Niko Köbler | keycloak-experte.de
    Keycloak IAM & SSO
    ABOUT ME
    ▸ Freelance Consultant/Architect/Developer/Trainer
    ▸ Doing stuff with & without Computers, Software, > 24 yrs
    ▸ Mr. Keycloak > 8 yrs (since 1.x)
    ▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA)
    ▸ Author of „Serverless Computing in AWS Cloud“
    serverlessbuch.de
    ▸ Web: www.n-k.de / Twitter: @dasniko
    ▸ YouTube: youtube.com/@dasniko

  3. @DASNIKO
    FIDO PASSKEYS
    PASSWORD

  4. @DASNIKO
    FIDO PASSKEYS
    https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/

  5. @DASNIKO
    FIDO PASSKEYS
    https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/

  6. @DASNIKO
    FIDO PASSKEYS
    https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/

  7. @DASNIKO
    FIDO PASSKEYS
    https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/

  8. @DASNIKO
    FIDO PASSKEYS
    https://xkcd.com/936/

  9. @DASNIKO
    FIDO PASSKEYS
    PASSWORD

  10. @DASNIKO
    FIDO PASSKEYS
    PASSWORD

  11. @DASNIKO
    FIDO PASSKEYS
    MFA?

  12. @DASNIKO
    Consortium of Major Global Players in
    Information Technology with the Aim to make
    the Internet more Secure and easier to use.
    FIDO PASSKEYS
    FIDO
    FAST IDENTITY ONLINE
    FIDOALLIANCE.ORG

  13. @DASNIKO
    FIDO PASSKEYS
    FIDO
    FAST IDENTITY ONLINE
    FIDOALLIANCE.ORG
    Simpler, Stronger Authentication
    Solving the World’s Password Problem

  14. @DASNIKO
    FIDO PASSKEYS
    PASSKEYS

  15. @DASNIKO
    FIDO PASSKEYS
    Login as usual with Your
    Username on a Website or
    in a Mobile-App.

  16. @DASNIKO
    FIDO PASSKEYS
    If the Website supports
    Passkeys, the Browser
    requests you to use them.

  17. @DASNIKO
    FIDO PASSKEYS
    Select the Passkey to use
    and Authenticate yourself
    using a biometric or a
    security key.

  18. @DASNIKO
    FIDO PASSKEYS
    Select the Passkey to use
    and Authenticate yourself
    using a biometric or a
    security key.

  19. @DASNIKO
    FIDO PASSKEYS
    Select the Passkey to use
    and Authenticate yourself
    using a biometric or a
    security key.

  20. @DASNIKO
    FIDO PASSKEYS
    That’s it!
    You are successfully
    logged in!

  21. @DASNIKO
    FIDO PASSKEYS
    PASSKEYS
    WEBAUTHN STANDARD
    PUBLIC-PRIVATE KEY PAIRS

  22. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    LOGIN REQUEST

  23. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    CHALLENGE RESP.

  24. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    PRIV

  25. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    PRIV

  26. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    PRIV
    SIGNED ANSWER

  27. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    PRIV
    PUB

  28. @DASNIKO
    USER SPECIFIC DATA
    FIDO PASSKEYS
    Identity Provider

  29. @DASNIKO
    FIDO PASSKEYS
    ADVANTAGES
    OF PASSKEYS

  30. @DASNIKO
    FIDO PASSKEYS
    1. EVERY PASSKEY IS BOUND
    TO A DOMAIN
    NO PHISHING POSSIBLE
    DIFFERENT PASSKEY FOR
    EVERY WEBSITE BY DESIGN

  31. @DASNIKO
    FIDO PASSKEYS
    2. NO MORE STRUGGLE WITH
    COMPLEX PASSWORD-RULES
    COMPLEX AND UNIQUE
    PASSKEYS BY DESIGN
    NO NEED TO REMEMBER ANYTHING

  32. @DASNIKO
    FIDO PASSKEYS
    3. PASSKEYS ARE ALREADY KIND
    OF MULTI-FACTOR
    KNOWLEDGE
    OWNERSHIP
    INHERENCE

  33. @DASNIKO
    FIDO PASSKEYS
    4. NO TRANSMISSION OF
    PERSONAL AND PRIVATE DATA
    NEITHER PRIVATE KEY,
    NOR BIOMETRIC DATA
    THUS, PUBLIC KEYS CAN BE SAVED
    UNENCRYPTED

  34. @DASNIKO
    FIDO PASSKEYS
    REGISTRATION
    OF PASSKEYS

  35. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    REGISTRATION
    REQUEST

  36. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    CONDITIONS FOR
    KEY GENERATION

  37. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    PRIV
    PUB

  38. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    PRIV
    PUB
    SEND PUBLIC KEY

  39. @DASNIKO
    FIDO PASSKEYS
    Identity Provider
    REGISTRATION FINISHED
    PUB

  40. @DASNIKO
    FIDO PASSKEYS
    MIXED
    ENVIRONMENTS
    ➡ PASSWORD MANAGER
    ➡ USE EXTERNAL DEVICE (QR-CODE)
    ➡ HARDWARE SECURITY KEYS (E.G. YUBIKEY)

  41. @DASNIKO
    FIDO PASSKEYS
    WHERE AND
    WHEN TO USE?

  42. @DASNIKO
    FIDO PASSKEYS
    DEV RESOURCES
    ➡ HTTPS://FIDOALLIANCE.ORG
    ➡ HTTPS://PASSKEYS.DEV

  43. THANK YOU.
    ANY QUESTIONS?
    Slides: https://speakerdeck.com/dasniko
    Niko Köbler | www.n-k.de | @dasniko
    FIDO PASSKEYS

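
The registration flow (slides 35-39), the challenge-response login (slides 22-28) and the domain binding from slide 30, modelled as an added example that is not part of the deck. It is a simplification of WebAuthn, not a conforming implementation: the RP ID is assumed to equal the hostname, authenticator data is reduced to the RP ID hash, and the class and method names are illustrative.

```javascript
// Added example: simplified model of the passkey flow, not a full WebAuthn implementation.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator (device): holds one private key per relying-party ID (domain).
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);   // the private key never leaves the device
    return publicKey;                  // only the public key goes to the server
  }
  // `origin` is reported by the browser, not chosen by the page's script.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;   // assumption: RP ID equals the hostname
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null;            // no passkey exists for this domain
    const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
    const authData = sha256(rpId);           // real authenticator data adds flags and a counter
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return { clientData, authData, signature: crypto.sign('sha256', signed, privateKey) };
  }
}

// Identity provider (server): stores public keys, issues and checks challenges.
class IdentityProvider {
  constructor(origin) {
    this.origin = origin; this.rpId = new URL(origin).hostname;
    this.publicKeys = new Map(); this.pending = new Map();
  }
  finishRegistration(user, publicKey) { this.publicKeys.set(user, publicKey); }
  startLogin(user) {
    const challenge = crypto.randomBytes(32).toString('base64url');
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, response) {
    const challenge = this.pending.get(user);
    this.pending.delete(user);               // a challenge is valid for one attempt only
    const publicKey = this.publicKeys.get(user);
    if (!response || !challenge || !publicKey) return false;
    const data = JSON.parse(response.clientData.toString('utf8'));
    if (data.type !== 'webauthn.get' || data.challenge !== challenge) return false;
    if (data.origin !== this.origin) return false;                      // domain binding
    if (!response.authData.equals(sha256(this.rpId))) return false;     // RP ID hash
    const signed = Buffer.concat([response.authData, sha256(response.clientData)]);
    return crypto.verify('sha256', signed, publicKey, response.signature);
  }
}
```

Register with `idp.finishRegistration(user, device.register(rpId))`, then pass `device.sign(origin, idp.startLogin(user))` to `idp.finishLogin`; a response produced for any other origin, or replayed after its challenge was consumed, returns `false`.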