2024-08-06 –, Tuscany
Passwordless is here to stay as we have seen in the past few years, this is further shown by all the support companies are providing for passkeys, security keys, FIDO2, etc. However, this represents a challenge for the industry and all the existing legacy applications.
During this talk I'll present the challenges encountered for account recovery and identify verification that are now present as we remove more and more passwords every time.
This talk will cover the current trends in passkeys and how users and companies are adopting them. In this talk I will describe some issues that arise when using passkeys from an end-user perspective.
We will cover what are the main traditional account recovery options and how passkeys integrate with this. I will describe what IDV (Identify Verification) is and what companies are doing to adopt it.
The main takeaway from this talk is showing the challenges and concerns that arise when passkeys are adopted. IDV is not specific for passkeys and those use-cases will be covered as well.
Aldo has more than 15 years of experience in all stages of Application Security, from penetration testing to program management, and he’s currently in a quest to get rid of passwords by leading the Application Security program at HYPR. Aldo has participated as an OWASP local chapter leader for many years and he’s active in the bug bounty community as well. Aldo has worked with a wide variety of technologies and businesses including financial, healthcare, media and entertainment, education, and information technology.