

PP073: Identify Yourself: Authentication From SAML to FIDO2
Aug 5, 2025
Wolf Goerlich, a practicing CISO and former Duo advisor, dives deep into the evolving landscape of identity and authentication. He explores the journey from SAML to passwordless solutions like FIDO2, analyzing what works and what doesn't. The discussion highlights the security implications of AI in identity management and navigates the unique challenges faced by public sector services, especially in emergency scenarios. Goerlich also critiques traditional password practices and the ethical dilemmas of anti-phishing training, advocating for a more nuanced approach to cybersecurity.
AI Snips
Evolution from SAML to OIDC
- SAML began as an XML-based federated authentication standard, enabling single sign-on across domains.
- OAuth 2.0 followed as an authorization framework (JSON over HTTPS) for delegating access to app data; OpenID Connect later layered authentication on top of it by adding the signed ID token.
Passkeys replace passwords
- Passwords are replaced by FIDO2 passkeys built on public-private key pairs: the service stores only the public key, and the private key never leaves the authenticator.
- Passkeys authenticate by signing a server challenge after a local unlock (biometric or PIN), so the user never types or transmits a secret; device-bound keys live in hardware such as a TPM or secure enclave.
Store passkeys in password managers
- Use a password manager to store passkeys and sync them across devices today.
- Avoid storing passkeys directly in browsers or cloud services due to higher risk of compromise.