fediversity_website/content/evenementen/nluug/voorjaarsconferentie-2019/talks/joost-van-dijk-fido2-and-web-authentication.md
Patrick Reijnen 971e1c4bf5 3 talks toegevoegd aan 2019vj
Markdown opmaak fouten opgelost
2023-07-29 16:53:38 +02:00

2 KiB
Raw Blame History

categories date description layout tags title speakers presentation recording
presentaties
2019-05-23T10:31:43+02:00 event-talk
fido2
web-authentication
Joost van Dijk - FIDO2 and Web Authentication
joost-van-dijk
filename
2019-05-23-joost-van-dijk-fido2-and-web-authentication.pdf
platform url
youtube https://www.youtube.com/watch?v=04AaSqXRJzU

Abstract

Earlier this year, the World Wide Web Consortium published the W3C Recommendation for Web Authentication: An API for accessing Public Key Credentials. This API enables web sites to authenticate users with FIDO2 authenticators — small hardware tokens that can be used as a second factor for protecting your accounts at Dropbox, Google, and Microsoft (just like its predecessor, FIDO U2F).

Moreover, FIDO2 support passwordless login, where users can access their accounts without the need to enter any credentials, instead performing some user action like pushing a button or scanning a fingerprint.

Also of great importance are the security benefits of FIDO2 tokens, in particular its privacy properties and protection from phishing and Man-in-the-Middle attacks.

In this presentation, we will dive into this new technology and see how it works under the hood, why it improves on usability, security, and privacy aspects compared with traditional solutions, and how it can be integrated into your own web applications.

Biography

Joost van Dijk works for SURF, the collaborative organisation for ICT in Dutch education and research as a technical product manager in the field of Security and Privacy.

For the past decade, he has been working on solutions for improving the usability and security of authentication for SURF's population of 1.5 million students, researchers, and staff. He was involved in the development of SURFs service for strong authentication and is the co-designer of the open source authentication app tiqr.