Beyond Passwords: How WebAuthn Actually Works

Passwords are a pain, and we all know it. They're either insecure or impossible to remember, and password managers can only go so far. How can we do better? The answer is WebAuthn.

WebAuthn is set of standards that allows you to use hardware authentication tokens (like a YubiKey) to authenticate with web services, and it's absolutely magic. Join me for a deep dive on what WebAuthn actually is, how it works, and how to implement it in your own web services. We'll also discuss the practicalities of using hardware tokens in practice, the protocols they use to interface with your devices, and the mysterious cryptography that they use to keep you safe.