Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FIDO Passkeys - The Future without Passwords!

Niko Köbler
May 11, 2023
Programming
1
180

FIDO Passkeys - The Future without Passwords!

Niko Köbler

May 11, 2023
Tweet

More Decks by Niko Köbler

See All by Niko Köbler
SAML, OAuth & OIDC
dasniko
0
39
Status Quo of OAuth 2
dasniko
0
71
OAuth2, OIDC & JWT - Important Basics!
dasniko
0
400
Authentication in Web, API-based & Distributed Environments
dasniko
0
96
Cloud Native Serverless Java with Quarkus & GraalVM on AWS Lambda
dasniko
0
130
Serverless! But Multi-Cloud?
dasniko
0
140
Containers vs. Serverless 2019
dasniko
1
220
How Do You Authenticate..?
dasniko
1
130
Serverless Security
dasniko
0
220

Other Decks in Programming

See All in Programming
Kotlin2でdataクラスの copyメソッドを禁止する/Data class copy function to have the same visibility as constructor
eichisanden
1
130
Kaigi on Rails 2024 - Rails APIモードのためのシンプルで効果的なCSRF対策 / kaigionrails-2024-csrf
corocn
5
3.4k
RailsのPull requestsのレビューの時に私が考えていること
yahonda
5
1.7k
弊社の「意識チョット低いアーキテクチャ」10選
texmeijin
5
23k
2万ページのSSG運用における工夫と注意点 / Vue Fes Japan 2024
chinen
3
1.3k
Go言語でターミナルフレンドリーなAIコマンド、afaを作った/fukuokago20_afa
monochromegane
2
140
デプロイを任されたので、教わった通りにデプロイしたら障害になった件 ~俺のやらかしを越えてゆけ~
techouse
52
32k
Importmapを使ったJavaScriptの 読み込みとブラウザアドオンの影響
swamp09
4
1.2k
Generative AI Use Cases JP (略称:GenU)奮闘記
hideg
0
150
推し活の ハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024
falcon8823
6
2.2k
破壊せよ!データ破壊駆動で考えるドメインモデリング / data-destroy-driven
minodriven
16
4k
Boost Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
830

Featured

See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
Agile that works and the tools we love
rasmusluckow
327
21k
How to Think Like a Performance Engineer
csswizardry
19
1.1k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
A Modern Web Designer's Workflow
chriscoyier
692
190k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Into the Great Unknown - MozCon
thekraken
31
1.5k
For a Future-Friendly Web
brad_frost
175
9.4k
4 Signs Your Business is Dying
shpigford
180
21k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Navigating Team Friction
lara
183
14k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k

Transcript

  1. FIDO PASSKEYS

  2. ABOUT ME ▸ Independent Consultant/Architect/Developer/Trainer ▸ Doing stuff with &

    without Computers, Software, > 25 yrs ▸ "Mr. Keycloak" > 9 yrs (since 1.x) ▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA) ▸ Author of „Serverless Computing in AWS Cloud“ serverlessbuch.de ▸ Web: www.n-k.de / Social: @dasniko ▸ YouTube: youtube.com/@dasniko

  3. https://www.socreatory.com/de/trainings/keycloak?ref=niko

  4. FIDO Passkeys PASSWORD

  5. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

  6. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

  7. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

  8. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

  9. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

  10. FIDO Passkeys https://xkcd.com/936/

  11. FIDO Passkeys PASSWORD

  12. FIDO Passkeys PASSWORD

  13. FIDO Passkeys MFA?

  14. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

  15. Consortium of Major Global Players in Information Technology with the

    Aim to make the Internet more Secure and easier to use. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

  16. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG Simpler, Stronger Authentication

    Solving the World’s Password Problem

  17. FIDO Passkeys PASSKEYS

  18. FIDO Passkeys PASSKEYS

  19. FIDO PASSKEYS Login as usual with Your Username on a

    Website or in a Mobile-App.

  20. FIDO PASSKEYS If the Website supports Passkeys, the Browser requests

    you to use them.

  21. FIDO PASSKEYS Select the Passkey to use and Authenticate yourself

    using a biometric or a security key.

  22. FIDO PASSKEYS Select the Passkey to use and Authenticate yourself

    using a biometric or a security key.

  23. FIDO PASSKEYS Select the Passkey to use and Authenticate yourself

    using a biometric or a security key.

  24. FIDO PASSKEYS That’s it! You are successfully logged in!

  25. FIDO Passkeys PASSKEYS WEBAUTHN STANDARD PUBLIC-PRIVATE KEY PAIRS

  26. FIDO Passkeys DEMO…

  27. FIDO PASSKEYS Identity Provider

  28. FIDO PASSKEYS Identity Provider LOGIN REQUEST

  29. FIDO PASSKEYS Identity Provider CHALLENGE RESP.

  30. FIDO PASSKEYS Identity Provider PRIV

  31. FIDO PASSKEYS Identity Provider PRIV

  32. FIDO PASSKEYS Identity Provider PRIV SIGNED ANSWER

  33. FIDO PASSKEYS Identity Provider PRIV PUB

  34. USER SPECIFIC DATA FIDO PASSKEYS Identity Provider

  35. FIDO PASSKEYS REGISTRATION OF PASSKEYS

  36. FIDO PASSKEYS Identity Provider

  37. FIDO PASSKEYS Identity Provider REGISTRATION REQUEST

  38. FIDO PASSKEYS Identity Provider CONDITIONS FOR KEY GENERATION

  39. FIDO PASSKEYS Identity Provider

  40. FIDO PASSKEYS Identity Provider

  41. FIDO PASSKEYS Identity Provider PRIV PUB

  42. FIDO PASSKEYS Identity Provider PRIV PUB SEND PUBLIC KEY

  43. FIDO PASSKEYS Identity Provider REGISTRATION FINISHED PUB

  44. FIDO PASSKEYS ADVANTAGES OF PASSKEYS

  45. FIDO PASSKEYS 1. EVERY PASSKEY IS BOUND TO A DOMAIN

    No Phishing Possible. Different PASSKEY for every Website By Design.

  46. FIDO PASSKEYS 2. NO MORE STRUGGLE WITH COMPLEX PASSWORD-RULES Complex

    and unique passkeys by design. No need to remember anything.

  47. FIDO PASSKEYS 3. PASSKEYS ARE ALREADY KIND OF MULTI-FACTOR Ownership

    Inherence Knowledge

  48. FIDO PASSKEYS 4. NO TRANSMISSION OF PERSONAL AND PRIVATE DATA

    Neither private Key, nor biometric data. Thus, public keys can be saved unencrypted.

  49. FIDO PASSKEYS (5.) NO EXPLICIT USAGE OF USERNAMES NECESSARY Discoverable

    Credentials (formerly "Resident Keys")

  50. FIDO Passkeys *)

  51. FIDO Passkeys CTAP2 Client To Authenticator Protocol

  52. FIDO Passkeys FIDO:/0835849654370320632569583877928987334052173049980161 6722038811686437501386620745218491891905310830006741238072 3814609350077472607493802861175815053378306107096654083332 https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid

  53. FIDO PASSKEYS MIXED ENVIRONMENTS ➡ Use External Device (QR-Code /

    CTAP) ➡ Hardware Security Keys (e.g. yubikey) ➡ Password Manager

  54. FIDO PASSKEYS WHERE AND WHEN TO USE?

  55. FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

  56. FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

  57. FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

  58. FIDO PASSKEYS DEV RESOURCES ➡ https://fidoalliance.org ➡ https://passkeys.dev

  59. Text https://www.informatik-aktuell.de/betrieb/sicherheit/fido-passkeys-in-zukunft-ohne-passwort.html

  60. THANK YOU. ANY QUESTIONS? Slides: https://speakerdeck.com/dasniko NIKO KÖBLER | www.n-k.de

    | [email protected] | @dasniko FIDO Passkeys