Explore the world of advanced user authentication in this 44-minute RSA Conference talk. Learn how FIDO2 and WebAuthn technologies effectively combat account takeovers and provide stronger security than traditional methods. Discover the limitations of password-based systems and user education, and understand the evolution from U2F to WebAuthn. Gain insights into implementing these protocols for personal protection and integrating them into your own systems. Delve into the registration and authentication processes, client libraries, and best practices for making informed security decisions. Suitable for those with a basic understanding of password-based authentication and public key cryptography.
How FIDO2 and WebAuthn Stop Account Takeovers
Overview
Syllabus
Intro
Meta slide - Me
Login & Password
Threat - Guessed password
Password reuse
Threat - Credential stuffing
One time passwords
The fundamental issue...
FIDO2
Registration dance
Authentication dance
Client Library
Painful realities
Make good choices
Taught by
RSA Conference
