SecAppDev 2024 lecture details
Passkeys: the future of user authentication
This session explores passkeys as a replacement for complex multi-factor authentication, covering user and developer perspectives and the technical details of passkeys.
Wednesday June 5th, 11:00 - 12:30
Room Lemaire
Abstract
User authentication has been a mess for ages. Attempts to fix it by adding more authentication factors might work, but are quite complex. But what if there's a world where we can replace this insecure first factor with a single strong authentication mechanism? That's what passkeys promise to do!
This session will dive head-first into passkeys. We not only explore passkeys from a user's perspective and a developer's perspective, but we also look at the mechanics under the hood. By the end of this session, you will understand how passkeys work and will know how to use them in your applications.
Key takeaway
Passkeys offer strong user authentication across platforms, with a fully integrated browser UI.
Content level
Advanced
Target audience
Developers, architects, and end users
Prerequisites
None.
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, and DPoP, designed for high-security environments.
Practical cryptography with Tink
Deep-dive lecture by Neil Madden in room West Wing
Monday June 3rd, 16:00 - 17:30
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
Security foundations for modern web applications
Introductory lecture by Philippe De Ryck in room West Wing
Monday June 3rd, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore how to build a secure foundation for your web and API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications.