15 Passwordless login: WebAuthn and hardware authentication
This chapter covers
- Using biometric authentication
- Using hardware keys for authentication
- Protecting your apps from passwordless authentication vulnerabilities
Imagine this: You’re trying to log in, but instead of typing a password and playing the “forgot password” game, you just look at your phone, tap a key, or scan your finger, and you’re in! No passwords to forget, no SMS codes to wait for, and no hacker guessing your childhood pet’s name (RIP Fluffy).
But how do these futuristic authentication methods actually work? Are they really as secure as they sound? And what happens if you shave your beard or lose your security key? In this section, we’ll explore the magic behind biometric authentication and hardware security keys, their strengths, their potential weaknesses, and why they might just be the future of secure logins.
Biometric authentication and hardware security keys are passwordless authentication methods that verify a user’s identity in a highly secure and convenient way. Instead of relying on something you know (like a password), they rely on something you are (biometrics) or something you have (a physical security key).