Speakers: Nick Steele, Duo and James Barclay, Cruise

As WebAuthn and the FIDO2 framework continue to mature, many developers continue to struggle with understanding the terms and functionality continuously being added to the various specifications. Sometimes, just keeping up requires a good deal of knowledge about identity, authentication, and security. While having a security engineering team shouldn’t be a prerequisite for adopting FIDO2, it sure can help! This talk will address some of the obstacles that engineers may face when implementing WebAuthn and FIDO2. Additionally, we’ll draw from our experiences with real-world deployments and developing widely used WebAuthn libraries to explain the terms and concepts that are central to FIDO2, and what it takes to ensure a successful deployment. Finally, we’ll discuss account recovery options, authenticator attestation and when to do it, and some of the recent additions to WebAuthn attestation statement formats.