FIDO Passkeys - The Future without Passwords!
Niko Köbler
May 11, 2023
Transcript
FIDO PASSKEYS
ABOUT ME
▸ Independent Consultant/Architect/Developer/Trainer
▸ Doing stuff with & without Computers, Software, > 25 yrs
▸ "Mr. Keycloak" > 9 yrs (since 1.x)
▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA)
▸ Author of "Serverless Computing in AWS Cloud" serverlessbuch.de
▸ Web: www.n-k.de / Social: @dasniko
▸ YouTube: youtube.com/@dasniko
https://www.socreatory.com/de/trainings/keycloak?ref=niko
PASSWORD
https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)
https://xkcd.com/936/
PASSWORD
MFA?
FIDO: FAST IDENTITY ONLINE (FIDOALLIANCE.ORG)
Consortium of Major Global Players in Information Technology with the Aim to make the Internet more Secure and easier to use.
Simpler, Stronger Authentication
Solving the World’s Password Problem
PASSKEYS
Login as usual with Your Username on a Website or in a Mobile-App.
If the Website supports Passkeys, the Browser requests you to use them.
Select the Passkey to use and Authenticate yourself using a biometric or a security key.
That’s it! You are successfully logged in!
PASSKEYS: WEBAUTHN STANDARD, PUBLIC-PRIVATE KEY PAIRS
DEMO…
[Diagram: login flow with an Identity Provider. Labels in slide order: LOGIN REQUEST, CHALLENGE RESP., PRIV, SIGNED ANSWER, PRIV PUB, USER SPECIFIC DATA]
REGISTRATION OF PASSKEYS
[Diagram: registration flow with an Identity Provider. Labels in slide order: REGISTRATION REQUEST, CONDITIONS FOR KEY GENERATION, PRIV PUB, SEND PUBLIC KEY, REGISTRATION FINISHED PUB]
ADVANTAGES OF PASSKEYS
1. EVERY PASSKEY IS BOUND TO A DOMAIN
No Phishing Possible. Different PASSKEY for every Website By Design.
2. NO MORE STRUGGLE WITH COMPLEX PASSWORD-RULES
Complex and unique passkeys by design. No need to remember anything.
3. PASSKEYS ARE ALREADY KIND OF MULTI-FACTOR
Ownership, Inherence, Knowledge
4. NO TRANSMISSION OF PERSONAL AND PRIVATE DATA
Neither private Key, nor biometric data. Thus, public keys can be saved unencrypted.
(5.) NO EXPLICIT USAGE OF USERNAMES NECESSARY
Discoverable Credentials (formerly "Resident Keys")
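Added example, not part of the original deck: the relying-party checks behind advantage 1 (domain binding) and the challenge / signed-answer flow, in Python. The browser writes the page's real origin into clientDataJSON and the authenticator hashes the RP ID into the authenticator data, so an answer produced on a look-alike site fails these checks. The names RP_ID, EXPECTED_ORIGIN, check_assertion, sample_assertion and the login.example domains are assumptions, and verifying the signature over authenticatorData || SHA-256(clientDataJSON) with the stored public key is assumed to be done separately by a crypto library.

```python
import base64, hashlib, json, secrets, struct

RP_ID = "login.example"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example"  # assumed origin of the real login page

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json, auth_data, expected_challenge, stored_count):
    """Return "ok" or the reason the assertion is rejected (signature check not included)."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(expected_challenge):
        return "challenge mismatch"        # stale or replayed answer
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"           # answer was produced on another site
    if len(auth_data) < 37:
        return "authenticator data too short"
    # authenticatorData starts with: rpIdHash (32) | flags (1) | signCount (4, big-endian)
    rp_id_hash, flags, count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"         # credential is scoped to a different RP ID
    if not flags & 0x01:
        return "user not present"
    if not flags & 0x04:
        return "user not verified"
    if (count or stored_count) and count <= stored_count:
        return "signature counter did not increase"
    return "ok"

def sample_assertion(origin, rp_id, challenge, count=0):
    """Constructed sample of what browser and authenticator would send back."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    flags = 0x01 | 0x04                    # user present + user verified
    auth = struct.pack(">32sBI", hashlib.sha256(rp_id.encode()).digest(), flags, count)
    return client, auth

def demo():
    challenge = secrets.token_bytes(32)    # fresh random challenge per login request
    fake = "login.example.lookalike.test"  # constructed look-alike domain
    good = check_assertion(*sample_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge, 0)
    phish = check_assertion(*sample_assertion("https://" + fake, fake, challenge), challenge, 0)
    stale = check_assertion(*sample_assertion(EXPECTED_ORIGIN, RP_ID, b"\0" * 32), challenge, 0)
    return good, phish, stale

if __name__ == "__main__":
    print(demo())
```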
CTAP2: Client To Authenticator Protocol
FIDO Passkeys FIDO:/0835849654370320632569583877928987334052173049980161 6722038811686437501386620745218491891905310830006741238072 3814609350077472607493802861175815053378306107096654083332 https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid
MIXED ENVIRONMENTS
➡ Use External Device (QR-Code / CTAP)
➡ Hardware Security Keys (e.g. YubiKey)
➡ Password Manager
WHERE AND WHEN TO USE?
https://passkeys.dev/device-support/ (07/2024)
DEV RESOURCES
➡ https://fidoalliance.org
➡ https://passkeys.dev
https://www.informatik-aktuell.de/betrieb/sicherheit/fido-passkeys-in-zukunft-ohne-passwort.html
THANK YOU. ANY QUESTIONS?
Slides: https://speakerdeck.com/dasniko
NIKO KÖBLER | www.n-k.de | @dasniko