Abstract or Summary:
At Duo Security, I have been part of a team driving one of the earliest product implementations of Web Authentication. We intend to leverage open standards like WebAuthn to help our customers move past passwords, and in doing so we’ve encountered interesting technical and cultural problems like: How do you assure users that we are not stealing their fingerprints? How do you avoid user confusion when their second factor is on the same device?

In this talk I’ll discuss the many user-experience and engineering challenges faced by my team in exploring and integrating the Web Authentication API. I’ll give an overview of how we architected an extendable WebAuthN backend to account for the many different types of data we can receive. I’ll talk about what it means to bet on Web Authentication and how it can be useful to you today.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=N2nNZqgmu0g Project page: https://webauthn.guide/