20 August 2020
This year, I had the pleasure of (virtually) speaking at NDC Oslo. While it would have been great to present at the Oslo Spectrum, I still got the chance to talk about my recent work with FIDO2 and WebAuthn, which resulted in the creation of FIDO2 for ASP.NET.
If you want to learn more about how user authentication works on the web and how I think FIDO2 is going to be the solution to many of our issues, then check out my talk below.
10 February 2020
Last week Google released an open-source FIDO2 authenticator called OpenSK, implemented in Rust.
OpenSK is not too dissimilar to the Solo Key, but unlike Solo, it is not yet suitable for everyday usage. It is not FIDO certified, and at the time of writing, it uses Rust implementations of the required cryptographic algorithms (e.g. ECDSA), as opposed to using available hardware-accelerated cryptography. For now, OpenSK is for research purposes only.
In this article, I’m going to talk through my creation of a security key using OpenSK (I am a Windows user, and this is all new to me). I’m also going to see how well the current implementation works with a FIDO conformant relying party (registration and authentication) such as FIDO2 for ASP.NET Core.
05 July 2018
Last Updated: 12 September 2019
Passwords suck. People have been moaning about this for years, and it is becoming more and more apparent as we see high profile data and account breaches happen every day and the emerging necessity of services such as Have I Been Pwned and Pwned Passwords.
So, what’s the solution? FIDO2 (Fast Identity Online 2) seems a very strong candidate for a passwordless future or at the very least as a second factor, using public key cryptography to bring easy to use, unphishable credentials to the masses.
In this article, I’m going to talk through the basic ideas and concepts behind FIDO2, and then walk through a basic FIDO2 relying party proof of concept that I have created using ASP.NET Core.