CS253 Lecture Summaries: Part XIV: WebAuthn
Password recap:
Use bcrypt. Terribly phishable.
Authentication factors. Something you know, have, are.
Urges us to stop thinking about factors. WebAuthn is supposed to help stop thinking about factors.
What is WebAuthn? A browser API for many authentication factors.
It has two main methods:
navigator.credentials.create(...)
navigator.credentials.get(...)
They have very complicated arguments!
Essentially there are two things - I have a physical authentication key that I want to tell the site about (create). Or I want to use the credential (get) with a site.
You can test out WebAuth on this site
And demo in https://webauthn.io