I have recently built a production-grade password-less user authentication system from scratch. It was simpler than I thought. I figure it would be an interesting topic to discuss. I do not believe you've had talks on Passkeys before.
The rough outline would be:
- 1 Introduction
  - 1.1 Passwords are a security nightmare
  - 1.2 Authenticator apps are a hack
  - 1.3 The login user flow
- 2 Logging in with email
  - 2.1 Simple but secure
  - 2.2 Implementing login links (using JWTs)
  - 2.3 Multiple emails
- 3 Passkeys
  - 3.1 Passkeys versus authenticators
  - 3.2 Implementing passkeys (using SimpleWebAuthn)
- 4 Security considerations
  - 4.1 Rate limiting
  - 4.2 Signups
- 5 Practical considerations
  - 5.1 Avoiding the spam folder: DMARC, using a real email address, a text version of the email
I will also share a working demo written in TypeScript running on TanStack Start with Drizzle ORM and SQLite.