Talks
Speakers
Events
Topics
Sign in
Home
Talks
Speakers
Events
Topics
Leaderboard
Use
Analytics
Sign in
Suggest modification to this talk
Title
Description
Nowadays, passwords are still our most common authentication method. However, they are not secure enough and have terrible UX. Therefore, big industry players in the FIDO Alliance like Google, Mozilla, Apple, Amazon (among others) collaborated together to find a solution. WebAuthn was born and eventually became a W3C standard enabling users to authenticate on the web using public-key cryptography together with biometrics. This talk will allow you to learn what WebAuthn is and how it works. You’ll also see how any Ruby app can easily get the level of authentication security and UX users deserve.
Date
Summarized using AI?
If this talk's summary was generated by AI, please check this box. A "Summarized using AI" badge will be displayed in the summary tab to indicate that the summary was generated using AI.
Show "Summarized using AI" badge on summary page
Summary
Markdown supported
In this informative presentation at RailsConf 2023, Braulio Martinez discusses the evolution of passwordless authentication through the introduction of WebAuthn, a standard developed by the W3C and the FIDO Alliance. The main theme revolves around the inadequacies of traditional password-based authentication and how WebAuthn addresses these issues by enabling secure, user-friendly methods using public-key cryptography and biometrics. Key points discussed include: - **Background on Authentication**: Martinez outlines the three types of authenticator factors—knowledge (password), possession (security keys), and intrinsic (biometrics)—and identifies the critical security flaws associated with password use, such as susceptibility to phishing and brute force attacks. - **Introduction to WebAuthn**: WebAuthn is presented as a standard that defines APIs for registering and authenticating users robustly without relying solely on passwords. It was developed to enhance security and improve user experience across web applications. - **How WebAuthn Works**: The technology involves a registration and authentication process where a user's credentials are securely stored on specific hardware devices. An overview of the technical flow is provided, illustrating how the browser, authenticator, and server interact during these processes. - **Implementation in Ruby Applications**: Martinez discusses the ease of integrating WebAuthn into Ruby apps, demonstrating how the WebAuthn Ruby gem facilitates this integration, allowing developers to quickly adopt secure authentication practices. - **Industry Adoption**: Several major companies and platforms like GitHub, Google, and AWS have begun employing WebAuthn and passkeys to enhance their authentication processes, showcasing real-world examples of its application. - **Future Prospects**: The talk touches on the concept of 'passkeys,' highlighting ongoing improvements and cross-device compatibility which aim to streamline user experience further. Concluding the talk, Martinez encourages developers to embrace WebAuthn in their applications, emphasizing its potential to greatly enhance security and user satisfaction. With the rise of cyber threats, transitioning to more secure methods of authentication not only is a technical upgrade but a necessity for the future of digital security.
Suggest modifications
Cancel
