Passkeys in practice: implementing passwordless apps by Daniel Garnier-Moiroux

Passwords. They're everywhere, they get leaked... A security nightmare! A work-around is to a delegate authentication to a third party, for example using OpenID Connect. But sometimes you can't or don't want to do that - can you go password-less, with user-friendly flows? Passkeys, and more specifically, is a browser-based technology that allows you to log in using physical devices, such as a Yubikey, or MacOS's TouchID or iOS' FaceID. It has been well-supported by browsers for multiple years now. With this technology, we can make our apps authenticate users without a password. In this presentation, we will discuss the basics of WebAuthN, and use the brand new support for passkeys in Spring Boot 3.4 to integrate it in an existing application.