FIDO Passkeys - The Future without Passwords!

Transcript

1. FIDO PASSKEYS

2. ABOUT ME ▸ Independent Consultant/Architect/Developer/Trainer ▸ Doing stuff with &

   without Computers, Software, > 25 yrs ▸ "Mr. Keycloak" > 9 yrs (since 1.x) ▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA) ▸ Author of „Serverless Computing in AWS Cloud“ serverlessbuch.de ▸ Web: www.n-k.de / Social: @dasniko ▸ YouTube: youtube.com/@dasniko

3. https://www.socreatory.com/de/trainings/keycloak?ref=niko

4. FIDO Passkeys PASSWORD

5. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

6. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

7. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

8. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

9. FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

10. FIDO Passkeys https://xkcd.com/936/

11. FIDO Passkeys PASSWORD

12. FIDO Passkeys PASSWORD

13. FIDO Passkeys MFA?

14. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

15. Consortium of Major Global Players in Information Technology with the

    Aim to make the Internet more Secure and easier to use. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

16. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG Simpler, Stronger Authentication

    Solving the World’s Password Problem

17. FIDO Passkeys PASSKEYS

18. FIDO Passkeys PASSKEYS

19. FIDO PASSKEYS Login as usual with Your Username on a

    Website or in a Mobile-App.

20. FIDO PASSKEYS If the Website supports Passkeys, the Browser requests

    you to use them.

21. FIDO PASSKEYS Select the Passkey to use and Authenticate yourself

    using a biometric or a security key.

22. FIDO PASSKEYS Select the Passkey to use and Authenticate yourself

    using a biometric or a security key.

23. FIDO PASSKEYS Select the Passkey to use and Authenticate yourself

    using a biometric or a security key.

24. FIDO PASSKEYS That’s it! You are successfully logged in!

25. FIDO Passkeys PASSKEYS WEBAUTHN STANDARD PUBLIC-PRIVATE KEY PAIRS

26. FIDO Passkeys DEMO…

27. FIDO PASSKEYS Identity Provider

28. FIDO PASSKEYS Identity Provider LOGIN REQUEST

29. FIDO PASSKEYS Identity Provider CHALLENGE RESP.

30. FIDO PASSKEYS Identity Provider PRIV

31. FIDO PASSKEYS Identity Provider PRIV

32. FIDO PASSKEYS Identity Provider PRIV SIGNED ANSWER

33. FIDO PASSKEYS Identity Provider PRIV PUB

34. USER SPECIFIC DATA FIDO PASSKEYS Identity Provider

35. FIDO PASSKEYS REGISTRATION OF PASSKEYS

36. FIDO PASSKEYS Identity Provider

37. FIDO PASSKEYS Identity Provider REGISTRATION REQUEST

38. FIDO PASSKEYS Identity Provider CONDITIONS FOR KEY GENERATION

39. FIDO PASSKEYS Identity Provider

40. FIDO PASSKEYS Identity Provider

41. FIDO PASSKEYS Identity Provider PRIV PUB

42. FIDO PASSKEYS Identity Provider PRIV PUB SEND PUBLIC KEY

43. FIDO PASSKEYS Identity Provider REGISTRATION FINISHED PUB

44. FIDO PASSKEYS ADVANTAGES OF PASSKEYS

45. FIDO PASSKEYS 1. EVERY PASSKEY IS BOUND TO A DOMAIN

    No Phishing Possible. Different PASSKEY for every Website By Design.

46. FIDO PASSKEYS 2. NO MORE STRUGGLE WITH COMPLEX PASSWORD-RULES Complex

    and unique passkeys by design. No need to remember anything.

47. FIDO PASSKEYS 3. PASSKEYS ARE ALREADY KIND OF MULTI-FACTOR Ownership

    Inherence Knowledge

48. FIDO PASSKEYS 4. NO TRANSMISSION OF PERSONAL AND PRIVATE DATA

    Neither private Key, nor biometric data. Thus, public keys can be saved unencrypted.

49. FIDO PASSKEYS (5.) NO EXPLICIT USAGE OF USERNAMES NECESSARY Discoverable

    Credentials (formerly "Resident Keys")

50. FIDO Passkeys *)

51. FIDO Passkeys CTAP2 Client To Authenticator Protocol

52. FIDO Passkeys FIDO:/0835849654370320632569583877928987334052173049980161 6722038811686437501386620745218491891905310830006741238072 3814609350077472607493802861175815053378306107096654083332 https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid

53. FIDO PASSKEYS MIXED ENVIRONMENTS ➡ Use External Device (QR-Code /

    CTAP) ➡ Hardware Security Keys (e.g. yubikey) ➡ Password Manager

54. FIDO PASSKEYS WHERE AND WHEN TO USE?

55. FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

56. FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

57. FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

58. FIDO PASSKEYS DEV RESOURCES ➡ https://fidoalliance.org ➡ https://passkeys.dev

59. Text https://www.informatik-aktuell.de/betrieb/sicherheit/fido-passkeys-in-zukunft-ohne-passwort.html

60. THANK YOU. ANY QUESTIONS? Slides: https://speakerdeck.com/dasniko NIKO KÖBLER | www.n-k.de

    | [email protected] | @dasniko FIDO Passkeys