Deploying WebAuthn at Dropbox Scale: Second Factor and Beyond
Authors: Brad Girardeau

Date: August 8 2018
Publication: BSidesLV 2018
Source: Currently no known Internet copy of paper.

Abstract or Summary:
WebAuthn is a new standard for strong authentication on the web, giving users an easy to use, phishing-resistant way to authenticate. This talk will look at how the standard enables key use cases of second factor authentication (2FA) and primary login with WebAuthn capable devices and explore practical considerations for deploying it. Ill talk about lessons learned adding WebAuthn 2FA support to Dropbox and discuss policy and usability questions around using WebAuthn for primary login. To get to a world where WebAuthn replaces passwords, well need to figure out how to handle varying device capabilities and account recovery. Even before resolving these questions, WebAuthn offers clear benefits that encourage deployment. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019