The Fat Pipe - Most Popular Packet Pushers Pods

PP073: Identify Yourself: Authentication From SAML to FIDO2

Aug 5, 2025
Wolf Goerlich, a former Duo advisor and CISO in public service, dives into the intricate world of identity and authentication. He discusses the evolution from SAML to FIDO2 and the promise of passwordless solutions. Goerlich sheds light on the challenges of implementing passwordless authentication in enterprises and how emerging technologies like quantum computing could affect security frameworks. He also addresses identity hurdles in municipal emergency services, alongside the pressing need for ethical phishing training and fostering a culture of security.
INSIGHT

Evolution from SAML to FIDO2

  • SAML started as an XML web authentication standard for federating identities in the early 2000s.
  • OAuth followed as an authorization framework using JSON, and FIDO2 introduced passwordless cryptographic authentication.
ADVICE

Password Manager for Passkeys

  • Use a password manager to store passkeys securely and to sync or share them across devices.
  • Avoid keeping passkeys in browser-only stores or in cloud storage that is easily breached.
INSIGHT

Passkeys Resist Proxy Phishing

  • Passkeys resist phishing attacks because the authentication channel is bound and cannot be proxied.
  • Traditional token-based authentication is vulnerable to session token theft via proxy attacks.