We all know we should be using Strong Passwords and Two-Factor to protect our online accounts, but following best practices isn’t always easy. Teaching clients that they need to be using a distinct strong password on all their sites plus a password manager to keep track of all of them has already been difficult. And while Two-Factor protects against nearly all attempts to hack your accounts, it’s even harder to convince clients to use it.
Luckily, the fine folks at the FIDO Alliance have been working hard at this problem for years. WebAuthn is a comprehensive standard to let users log into apps & websites without needing to user a password or a two-factor code. With WebAuthn you can log in using authentication methods built into your device like Face ID, Touch ID, or Windows Hello.
Passkeys is the latest version of this standard and it promises to deliver a simpler and even more secure way of getting signed in. In this talk, we’ll explore the different ways hackers can break into your user accounts. Them, we’ll explore how you can use passkeys across the web and to protect your WordPress website.