15 Passwordless login: WebAuthn and hardware authentication
This chapter covers
- Using biometric authentication
- Using hardware keys for authentication
- Protecting your apps from passwordless-authentication vulnerabilities
Imagine this: You’re trying to log in, but instead of typing a password and playing the “forgot password” game, you look at your phone, tap a key, or scan your finger, and you’re in. There are no passwords to forget, no Short Message Service (SMS) codes to wait for, and no hacker guessing your childhood pet’s name (RIP Fluffy).
But how do these futuristic authentication methods work? Are they as secure as they sound? What happens if you shave your beard or lose your security key? In this section, we’ll explore the magic behind biometric authentication and hardware security keys, discussing their strengths, their potential weaknesses, and whether they are likely to become the future of secure login.
Biometric authentication and hardware security keys are passwordless-authentication methods that verify a user’s identity in a highly secure and convenient way. Instead of relying on something you know (such as a password), they rely on something you are (biometrics) or something you have (a physical security key).