FIDO Passkeys - The Future without Passwords!

FIDO PASSKEYS

ABOUT ME ▸ Independent Consultant/Architect/Developer/Trainer ▸ Doing stuff with &
without Computers, Software, > 25 yrs ▸ "Mr. Keycloak" > 9 yrs (since 1.x) ▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA) ▸ Author of „Serverless Computing in AWS Cloud“ serverlessbuch.de ▸ Web: www.n-k.de / Social: @dasniko ▸ YouTube: youtube.com/@dasniko

https://www.socreatory.com/de/trainings/keycloak?ref=niko

FIDO Passkeys PASSWORD

FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

FIDO Passkeys https://xkcd.com/936/

FIDO Passkeys PASSWORD

FIDO Passkeys MFA?

FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

Consortium of Major Global Players in Information Technology with the
Aim to make the Internet more Secure and easier to use. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG Simpler, Stronger Authentication
Solving the World’s Password Problem

FIDO Passkeys PASSKEYS

FIDO PASSKEYS Login as usual with Your Username on a
Website or in a Mobile-App.

FIDO PASSKEYS If the Website supports Passkeys, the Browser requests
you to use them.

FIDO PASSKEYS Select the Passkey to use and Authenticate yourself
using a biometric or a security key.

FIDO PASSKEYS That’s it! You are successfully logged in!

FIDO Passkeys PASSKEYS WEBAUTHN STANDARD PUBLIC-PRIVATE KEY PAIRS

FIDO Passkeys DEMO…

FIDO PASSKEYS Identity Provider

FIDO PASSKEYS Identity Provider LOGIN REQUEST

FIDO PASSKEYS Identity Provider CHALLENGE RESP.

FIDO PASSKEYS Identity Provider PRIV

FIDO PASSKEYS Identity Provider PRIV SIGNED ANSWER

FIDO PASSKEYS Identity Provider PRIV PUB

USER SPECIFIC DATA FIDO PASSKEYS Identity Provider

FIDO PASSKEYS REGISTRATION OF PASSKEYS

FIDO PASSKEYS Identity Provider REGISTRATION REQUEST

FIDO PASSKEYS Identity Provider CONDITIONS FOR KEY GENERATION

FIDO PASSKEYS Identity Provider PRIV PUB

FIDO PASSKEYS Identity Provider PRIV PUB SEND PUBLIC KEY

FIDO PASSKEYS Identity Provider REGISTRATION FINISHED PUB

FIDO PASSKEYS ADVANTAGES OF PASSKEYS

FIDO PASSKEYS 1. EVERY PASSKEY IS BOUND TO A DOMAIN
No Phishing Possible. Different PASSKEY for every Website By Design.

FIDO PASSKEYS 2. NO MORE STRUGGLE WITH COMPLEX PASSWORD-RULES Complex
and unique passkeys by design. No need to remember anything.

FIDO PASSKEYS 3. PASSKEYS ARE ALREADY KIND OF MULTI-FACTOR Ownership
Inherence Knowledge

FIDO PASSKEYS 4. NO TRANSMISSION OF PERSONAL AND PRIVATE DATA
Neither private Key, nor biometric data. Thus, public keys can be saved unencrypted.

FIDO PASSKEYS (5.) NO EXPLICIT USAGE OF USERNAMES NECESSARY Discoverable
Credentials (formerly "Resident Keys")

FIDO Passkeys *)

FIDO Passkeys CTAP2 Client To Authenticator Protocol

FIDO Passkeys FIDO:/0835849654370320632569583877928987334052173049980161 6722038811686437501386620745218491891905310830006741238072 3814609350077472607493802861175815053378306107096654083332 https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid

FIDO PASSKEYS MIXED ENVIRONMENTS ➡ Use External Device (QR-Code /
CTAP) ➡ Hardware Security Keys (e.g. yubikey) ➡ Password Manager

FIDO PASSKEYS WHERE AND WHEN TO USE?

FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

FIDO PASSKEYS DEV RESOURCES ➡ https://ﬁdoalliance.org ➡ https://passkeys.dev

Text https://www.informatik-aktuell.de/betrieb/sicherheit/ﬁdo-passkeys-in-zukunft-ohne-passwort.html

THANK YOU. ANY QUESTIONS? Slides: https://speakerdeck.com/dasniko NIKO KÖBLER | www.n-k.de
| [email protected] | @dasniko FIDO Passkeys

FIDO Passkeys - The Future without Passwords!

FIDO Passkeys - The Future without Passwords!

More Decks by Niko Köbler

Other Decks in Programming

Featured

Transcript