Creating the WebAuthn Components Library for Phoenix LiveView Apps with Owen Bickford
Today on Elixir Wizards, Owen Bickford, fellow Wizard and creator of the WebauthnComponents library, joins us to talk about building passwordless authentication for Phoenix LiveView applications. Owen walks us through the evolution of authentication—touching on everything from plain text passwords to multi-factor setups—and explains the security flaws and user experience issues each method presents. He describes passkeys, a solution based on the WebAuthn API, which improves security and ease of use.
The conversation covers cross-device support for passkeys, the role of password managers in keeping credentials synced, and ideas for enhancing WebauthnComponents, like supporting multiple passkeys per account. Owen invites listeners to contribute to the library’s development on GitHub and emphasizes the role passkeys play in improving app security and user experience.
Topics discussed in this episode:
- Passkeys and the shift toward passwordless authentication
- WebAuthn API and its role in secure login systems
- Creating the WebauthnComponents library for Phoenix LiveView
- History of authentication from basic passwords to multi-factor approaches
- Security gaps and user experience challenges with traditional methods
- Asymmetric cryptography’s impact on secure logins
- Hardware-based credential storage and generation with Trusted Platform Modules
- Structure and components of the WebAuthn library: dependencies, LiveViews, and Ecto schemas
- Live components for real-time server-browser interactions
- Passkeys as a primary or secondary authentication method
- Key business considerations when choosing authentication methods
- Cross-device support for passkeys and credential syncing
- Strategies for passkey recovery if devices are lost
- Ensuring secure access in unattended environments
- Elixir’s ecosystem advantages for building authentication systems
- Simplifying JavaScript complexity within Elixir projects
- Future-proofing WebAuthn Components for seamless updates
- Using Igniter to enhance customization and refactoring
- Developer-friendly tools for secure authentication
- Inviting community contributions on GitHub and the Elixir forum
- Plans for telemetry and performance tracking
- Why adopting passkeys is a win for app security and user experience
Links mentioned:
https://github.com/liveshowy/webauthn_components
https://en.wikipedia.org/wiki/Salt_(cryptography)
https://en.wikipedia.org/wiki/Rainbow_table
https://en.wikipedia.org/wiki/Multi-factor_authentication
https://oauth.net/2/
https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
https://www.w3.org/TR/webauthn-3/
https://www.microsoft.com/en-us/windows/tips/windows-hello
https://trustedcomputinggroup.org/resource/trusted-platform-module-tpm-summary/
https://hexdocs.pm/phoenix/mix_phx_gen_auth.html
https://en.wikipedia.org/wiki/Public-key_cryptography
SSH Protocol (Secure Shell) https://en.wikipedia.org/wiki/Secure_Shell
https://www.yubico.com/products/yubikey-5-overview/
https://fidoalliance.org/how-fido-works/
https://1password.com/
https://keepassxc.org/
https://hexdocs.pm/ecto_ulid/Ecto.ULID.html
https://en.wikipedia.org/wiki/Universally_unique_identifier
https://hexdocs.pm/ecto/Ecto.Schema.html
https://hexdocs.pm/sourceror/
https://github.com/ash-project/igniter
Forum thread:
https://elixirforum.com/t/webauthnlivecomponent-passwordless-auth-for-liveview-apps/49941