GOTO - The Brightest Minds in Tech

Unlocking the Web: Exploring WebAuthn & Beyond • Eli Holderness & Mark Rendle

Jan 5, 2024

Mark Rendle interviews Eli Holderness, a developer advocate at Scaleway, about WebAuthn and the future of web authentication. They discuss topics such as public key cryptography, hardware security tokens, passwordless authentication challenges, data privacy, and the potential impact of WebAssembly on cloud computing. The conversation also touches on preferences in search engines, data bunkers, quantum computers, and casual interests in linguistics and retro gaming.

27:42

Creator website

Episode guests

Mark Rendle

Eli Holderness

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

WebAuthn utilizes hardware security tokens to provide secure and standardized authentication on the web without passwords, but usability concerns and the risk of losing tokens remain.

The use of pass keys as authentic factors for logging into websites simplifies the authentication process but raises concerns about centralizing user authentication credentials and data privacy.

Deep dives

WebAuthn: Authenticating without passwords

WebAuthn is a set of specifications developed by the Worldwide Web Consortium (W3C) that allows for secure and standardized authentication on the web without passwords. It utilizes hardware security tokens, such as USB sticks or NFC-enabled devices, that contain private keys and perform all cryptographic operations on the device itself. These tokens can be used as a security factor, confirming the user's identity without the need for passwords. The tokens communicate with the browser using the client to authenticator protocol (CTAP), ensuring a seamless user experience without compromising security. While WebAuthn provides an innovative and secure approach, there are usability concerns, such as keeping track of the hardware tokens and the risk of losing them.

Introduction

2min

Understanding WebAuthn and Hardware Tokens

10min

Preferences, Personalization, and Privacy in Search Engines and Technology Platforms

3min

Data Bunkers and Quantum Computers

10min

A Casual Conversation about Interests

2min

This interview was recorded at GOTO Amsterdam for GOTO Unscripted.
gotopia.tech

Read the full transcription of this interview here

Eli Holderness - Developer Advocate at Scaleway
Mark Rendle - Creator of Visual ReCode with 7 Microsoft MVP Awards & 30+ Years of Experience Building Software

RESOURCES
Eli
twitter.com/eliholderness
linkedin.com/in/eli-holderness-4890b886
hachyderm.io/@eli

Mark
twitter.com/markrendle
github.com/markrendle
linkedin.com/in/markrendle

DESCRIPTION
Mark Rendle interviews Eli Holderness, a developer advocate at Scaleway, about WebAuthn and the future of web authentication. Eli explains the intricacies of WebAuthn, delving into public key cryptography and hardware security tokens.

The conversation extends to broader topics, including data privacy, the challenges of passwordless authentication, and the potential impact of WebAssembly on cloud computing.

The interview provides insights into the evolving landscape of web development, security, and cloud services, offering a glimpse into the advancements and challenges faced by developers and cloud providers.

RECOMMENDED BOOKS
Liz Rice • Container Security
Liz Rice • Kubernetes Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner's Guide
Richer & Sanso • OAuth 2 in Action

Bluesky
Twitter
Instagram
LinkedIn
Facebook

CHANNEL MEMBERSHIP BONUS
Join this channel to get early access to videos & other perks:
https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/join

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

GOTO - The Brightest Minds in Tech

Unlocking the Web: Exploring WebAuthn & Beyond • Eli Holderness & Mark Rendle

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

WebAuthn: Authenticating without passwords

Pass keys: Storing private keys in the cloud

WebAssembly and Modular Cloud Services

Remember Everything You Learn from Podcasts