Password authentication vulnerabilities
Whilst we can mitigate many of the risks associated with password-based authentication, it usually comes at the cost of usability.
Mostly covering Passkeys and the Web Authentication API (WebAuthn), but also some other authentication and security-related stuff.
All the major browsers now support passkeys; however, biometric support is often limited to those browsers with tight platform integration, e.g. Safari on iOS and Chrome on Android.
Infosec practitioners love them, but users hate them. The truth is that the average user can't remember a secure password. There are much better options going into 2024.
How we built our serverless Passkey platform using the AWS stack.
We employ a range of measures to protect the confidentiality, integrity and availability of your data.
Passkeys are tied to specific (HTTPS) websites. Browsers won't use a private key intended for one website to sign a challenge generated by a different site.
Roaming authenticators allow users to sign in to a website on one device, using a passkey stored on a different device.
Passkeys enable two-factor authentication (including biometrics). Users can even use a biometric-enabled device, e.g. iPhone Face ID, to authenticate against a device lacking this capability, e.g. a desktop.