Passkeys Have Problems, but So Will You If You Ignore Them
Security
Authentication
Phishing
Back in 2024, many of us in the Rails community dismissed passkeys as hype rather than a real password replacement. But now we're facing a serious problem: a newer and more sophisticated attack called Real-Time Phishing is gaining popularity and effortlessly defeating nearly all popular 2FA methods, except one: passkeys. Even security experts are getting fooled, and AI makes these attacks frighteningly scalable. In this session, I'll demo live exactly how attackers execute real-time phishing. Then we'll turn the tables: I'll guide you step-by-step through adding secure, user-friendly passkey authentication as an MFA option to your Rails 8 apps. Come on, Rails! Let's give passkeys one more chance.
Sep 05 - 14:45 to 15:15
Track 2 - Graanbeurs
About the speaker
Jason Meller
VP, Engineering
Jason Meller is VP of Engineering at 1Password, the author of the Honest Security manifesto (honest.security), and the former CEO & founder of Kolide. Jason has spent his 15-year career building Rails apps for IT/Security professionals, with the goal of making the field accessible to newcomers.