15 Passwordless login: WebAuthn and hardware authentication

This chapter covers

  • Using biometric authentication
  • Using hardware keys for authentication
  • Protecting your apps from passwordless authentication vulnerabilities

Imagine this: You’re trying to log in, but instead of typing a password and playing the “forgot password” game, you just look at your phone, tap a key, or scan your finger, and you’re in! No passwords to forget, no SMS codes to wait for, and no hacker guessing your childhood pet’s name (RIP Fluffy).

But how do these futuristic authentication methods actually work? Are they really as secure as they sound? And what happens if you shave your beard or lose your security key? In this chapter, we’ll explore the magic behind biometric authentication and hardware security keys, their strengths, their potential weaknesses, and why they might just be the future of secure logins.

Biometric authentication and hardware security keys are passwordless authentication methods that verify a user’s identity in a highly secure and convenient way. Instead of relying on something you know (like a password), they rely on something you are (biometrics) or something you have (a physical security key).

15.1 Biometric authentication

15.1.1 Fingerprint scanning (most common)

15.1.2 Facial recognition (rapidly growing)

15.1.3 Iris and retina scanning (highly secure)

15.1.4 Voice recognition (used in call centers and virtual assistants)

15.1.5 Palm vein recognition (high security, less common)

15.2 Authenticating using hardware keys

15.3 Implementing WebAuthn authentication

15.4 Exercises

15.5 Summary