Deploying WebAuthn at Dropbox Scale: Second Factor and Beyond
Date: August 8 2018
Publication: BSidesLV 2018
Source: Currently no known Internet copy of paper.
Abstract or Summary:
WebAuthn is a new standard for strong authentication on the web, giving users an easy to use, phishing-resistant way to authenticate. This talk will look at how the standard enables key use cases of second factor authentication (2FA) and primary login with WebAuthn capable devices and explore practical considerations for deploying it. I’ll talk about lessons learned adding WebAuthn 2FA support to Dropbox and discuss policy and usability questions around using WebAuthn for primary login. To get to a world where WebAuthn replaces passwords, we’ll need to figure out how to handle varying device capabilities and account recovery. Even before resolving these questions, WebAuthn offers clear benefits that encourage deployment.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=TCAJBfvz0nE
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.