Slide 1

Slide 1 text

FIDO PASSKEYS

Slide 2

Slide 2 text

ABOUT ME
▸ Independent Consultant/Architect/Developer/Trainer
▸ Doing stuff with & without Computers, Software, > 25 yrs
▸ "Mr. Keycloak" > 9 yrs (since 1.x)
▸ Co-Lead of JUG DA (https://www.jug-da.de / @JUG_DA)
▸ Author of „Serverless Computing in AWS Cloud“ serverlessbuch.de
▸ Web: www.n-k.de / Social: @dasniko
▸ YouTube: youtube.com/@dasniko

Slide 3

Slide 3 text

https://www.socreatory.com/de/trainings/keycloak?ref=niko

Slide 4

Slide 4 text

FIDO Passkeys PASSWORD

Slide 5

Slide 5 text

FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

Slide 6

Slide 6 text

FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

Slide 7

Slide 7 text

FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

Slide 8

Slide 8 text

FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

Slide 9

Slide 9 text

FIDO Passkeys https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/ (05/2023)

Slide 10

Slide 10 text

FIDO Passkeys https://xkcd.com/936/

Slide 11

Slide 11 text

FIDO Passkeys PASSWORD

Slide 12

Slide 12 text

FIDO Passkeys PASSWORD

Slide 13

Slide 13 text

FIDO Passkeys MFA?

Slide 14

Slide 14 text

FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

Slide 15

Slide 15 text

Consortium of Major Global Players in Information Technology with the Aim to make the Internet more Secure and easier to use. FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG

Slide 16

Slide 16 text

FIDO PASSKEYS FIDO FAST IDENTITY ONLINE FIDOALLIANCE.ORG Simpler, Stronger Authentication Solving the World’s Password Problem

Slide 17

Slide 17 text

FIDO Passkeys PASSKEYS

Slide 18

Slide 18 text

FIDO Passkeys PASSKEYS

Slide 19

Slide 19 text

FIDO PASSKEYS Login as usual with Your Username on a Website or in a Mobile-App.

Slide 20

Slide 20 text

FIDO PASSKEYS If the Website supports Passkeys, the Browser requests you to use them.

Slide 21

Slide 21 text

FIDO PASSKEYS Select the Passkey to use and Authenticate yourself using a biometric or a security key.

Slide 22

Slide 22 text

FIDO PASSKEYS Select the Passkey to use and Authenticate yourself using a biometric or a security key.

Slide 23

Slide 23 text

FIDO PASSKEYS Select the Passkey to use and Authenticate yourself using a biometric or a security key.

Slide 24

Slide 24 text

FIDO PASSKEYS That’s it! You are successfully logged in!

Slide 25

Slide 25 text

FIDO Passkeys PASSKEYS WEBAUTHN STANDARD PUBLIC-PRIVATE KEY PAIRS

Slide 26

Slide 26 text

FIDO Passkeys DEMO…

Slide 27

Slide 27 text

FIDO PASSKEYS Identity Provider

Slide 28

Slide 28 text

FIDO PASSKEYS Identity Provider LOGIN REQUEST

Slide 29

Slide 29 text

FIDO PASSKEYS Identity Provider CHALLENGE RESP.

Slide 30

Slide 30 text

FIDO PASSKEYS Identity Provider PRIV

Slide 31

Slide 31 text

FIDO PASSKEYS Identity Provider PRIV

Slide 32

Slide 32 text

FIDO PASSKEYS Identity Provider PRIV SIGNED ANSWER

Slide 33

Slide 33 text

FIDO PASSKEYS Identity Provider PRIV PUB

Slide 34

Slide 34 text

USER SPECIFIC DATA FIDO PASSKEYS Identity Provider

Slide 35

Slide 35 text

FIDO PASSKEYS REGISTRATION OF PASSKEYS

Slide 36

Slide 36 text

FIDO PASSKEYS Identity Provider

Slide 37

Slide 37 text

FIDO PASSKEYS Identity Provider REGISTRATION REQUEST

Slide 38

Slide 38 text

FIDO PASSKEYS Identity Provider CONDITIONS FOR KEY GENERATION

Slide 39

Slide 39 text

FIDO PASSKEYS Identity Provider

Slide 40

Slide 40 text

FIDO PASSKEYS Identity Provider

Slide 41

Slide 41 text

FIDO PASSKEYS Identity Provider PRIV PUB

Slide 42

Slide 42 text

FIDO PASSKEYS Identity Provider PRIV PUB SEND PUBLIC KEY

Slide 43

Slide 43 text

FIDO PASSKEYS Identity Provider REGISTRATION FINISHED PUB

Slide 44

Slide 44 text

FIDO PASSKEYS ADVANTAGES OF PASSKEYS

Slide 45

Slide 45 text

FIDO PASSKEYS 1. EVERY PASSKEY IS BOUND TO A DOMAIN No Phishing Possible. Different PASSKEY for every Website By Design.
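
Added example, not part of the original slides: a simplified simulation of the registration and login flows sketched on slides 27 to 43, together with the domain binding named on this slide, using Node's built-in crypto module. The class names, the `idp.example` origin and the JSON message layout are assumptions; real WebAuthn uses CBOR/COSE structures and an RP ID hash instead.

```javascript
// Added example: simplified passkey flow, not the real WebAuthn wire format.
const crypto = require("node:crypto");
const IDP_ORIGIN = "https://idp.example"; // constructed origin (assumption)

// Authenticator: one key pair per origin; PRIV never leaves this object.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: "spki", format: "pem" }); // only PUB is sent
  }
  sign(origin, challenge) {
    const priv = this.keys.get(origin);
    if (!priv) return null; // no passkey exists for this domain
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign("sha256", Buffer.from(clientData), priv);
    return { clientData, signature };
  }
}

// Identity provider: stores public keys and one pending challenge per user.
class IdentityProvider {
  constructor() { this.pub = new Map(); this.pending = new Map(); }
  finishRegistration(user, pem) { this.pub.set(user, pem); }
  loginRequest(user) {
    const challenge = crypto.randomBytes(32).toString("hex");
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, answer) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is valid for one attempt only
    const pem = this.pub.get(user);
    if (!answer || !expected || !pem) return false;
    const { origin, challenge } = JSON.parse(answer.clientData);
    if (origin !== IDP_ORIGIN || challenge !== expected) return false;
    return crypto.verify("sha256", Buffer.from(answer.clientData), pem, answer.signature);
  }
}

function demo() {
  const idp = new IdentityProvider(), key = new Authenticator();
  idp.finishRegistration("alice", key.register(IDP_ORIGIN));
  const answer = key.sign(IDP_ORIGIN, idp.loginRequest("alice"));
  const login = idp.verify("alice", answer);
  const replay = idp.verify("alice", answer); // same signed answer again
  const lookalike = key.sign("https://idp.example.test", idp.loginRequest("alice"));
  return { login, replay, lookalike: idp.verify("alice", lookalike) };
}
```

`demo()` returns the outcome of a genuine login, a replay of the same signed answer, and a request coming from a look-alike origin for which the authenticator holds no key.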

Slide 46

Slide 46 text

FIDO PASSKEYS 2. NO MORE STRUGGLE WITH COMPLEX PASSWORD-RULES Complex and unique passkeys by design. No need to remember anything.

Slide 47

Slide 47 text

FIDO PASSKEYS 3. PASSKEYS ARE ALREADY KIND OF MULTI-FACTOR Ownership Inherence Knowledge

Slide 48

Slide 48 text

FIDO PASSKEYS 4. NO TRANSMISSION OF PERSONAL AND PRIVATE DATA Neither private Key, nor biometric data. Thus, public keys can be saved unencrypted.

Slide 49

Slide 49 text

FIDO PASSKEYS (5.) NO EXPLICIT USAGE OF USERNAMES NECESSARY Discoverable Credentials (formerly "Resident Keys")

Slide 50

Slide 50 text

FIDO Passkeys *)

Slide 51

Slide 51 text

FIDO Passkeys CTAP2 Client To Authenticator Protocol

Slide 52

Slide 52 text

FIDO Passkeys FIDO:/0835849654370320632569583877928987334052173049980161 6722038811686437501386620745218491891905310830006741238072 3814609350077472607493802861175815053378306107096654083332 https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-hybrid

Slide 53

Slide 53 text

FIDO PASSKEYS MIXED ENVIRONMENTS
➡ Use External Device (QR-Code / CTAP)
➡ Hardware Security Keys (e.g. yubikey)
➡ Password Manager

Slide 54

Slide 54 text

FIDO PASSKEYS WHERE AND WHEN TO USE?

Slide 55

Slide 55 text

FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

Slide 56

Slide 56 text

FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

Slide 57

Slide 57 text

FIDO PASSKEYS WHERE AND WHEN TO USE? https://passkeys.dev/device-support/ (07/2024)

Slide 58

Slide 58 text

FIDO PASSKEYS DEV RESOURCES
➡ https://fidoalliance.org
➡ https://passkeys.dev

Slide 59

Slide 59 text

Text https://www.informatik-aktuell.de/betrieb/sicherheit/fido-passkeys-in-zukunft-ohne-passwort.html

Slide 60

Slide 60 text

THANK YOU. ANY QUESTIONS? Slides: https://speakerdeck.com/dasniko NIKO KÖBLER | www.n-k.de | niko@n-k.de | @dasniko FIDO Passkeys