Explore the potential risks and vulnerabilities of passwordless authentication technologies in this 29-minute OWASP Foundation conference talk. Delve into real-world scenarios where faulty implementation of passwordless solutions for web applications can lead to more significant security breaches than traditional password-based systems. Learn about the misconceptions surrounding the unhackability of passwordless technologies and the possibility of account takeover and user impersonation. Discover best practices for developers integrating WebAuthn into web applications, along with recommendations for pentesters, enterprises, and end-users. Gain insights from Aldo Salas, Application Security Lead at HYPR, as he shares his extensive experience in application security and his quest to eliminate passwords while maintaining robust security measures.
Could Passwordless Authentication Be Worse Than Passwords?
Overview
Syllabus
Could Passwordless be Worse than Passwords?
Taught by
OWASP Foundation
Related Courses
-
Could Passwordless Authentication Be Worse Than Passwords?
-
Passwordless Authentication: Challenges and Solutions for Account Recovery
-
The State of Passwordless Auth on the Web
-
Navigating Passwordless Authentication with FIDO2 & WebAuthn
-
The State of Passwordless Auth on the Web - Phil Nash - NDC Porto 2023
-
OWASP Top 10 - A07:2021 - Identification and Authentication Failures
