Lightning Talk Beginner MIT License, CERN OHL-W

Building Passwordless Authentication Systems with Open Hardware and FOSS

Approved
Session Description

A simple overview of how most passwordless systems work.
WebAuthn and FIDO are the underlying backbone that makes these systems work, and we look at how we can try to incorporate more security via hardware tokens.

The main difference between soft-token systems (Bitwarden and OS-level keychains [macOS and Windows key manager]) and hard-token systems (YubiKey, Thales key).

We should be able to produce a hardware-based key, since Google enforces the use of a hard token in every session for employees on Google servers and the office network.

Key Takeaways

The core standards behind passwordless systems (WebAuthn, FIDO2, CTAP).
Using open-source implementations such as OpenSK to build custom security devices, and trying to make a self-owned custom security device on nRF52- or ESP32-based boards.

This will cover why passwords are fundamentally insecure and why the industry is moving toward passwordless authentication.

Session Categories

Technology architecture
Knowledge Commons (Open Hardware, Open Science, Open Data etc.)
Talk License: MIT License, CERN OHL-W

Speakers

Mithilesh Student researcher | IITM

A system administrator and open-source developer with a strong interest in security systems, embedded hardware, and authentication technologies.

Reviews

This sounds interesting, good topic for a lightning talk.

Reviewer #1 Approved

The topic is interesting, but the proposal is woefully short on details and riddled with errors. As this proposal was accepted as a lightning talk, I sincerely request that the proposer seek additional help when putting together the presentation.

Reviewer #2 Not Sure