Posts

Passkeys arrived on the scene in 2022 with yet another promise of freeing us all from passwords. Have we actually made any progress on that goal? We’ll dive into the journey to passkeys, how they work, the improvements to security and user experience, (hopefully!) clear up some misconceptions, and offer some reflection on pain points at global scale. We’ll also take a look into the future with the intersection of passkeys, federation, and digital identity wallets.

As 2024 draws to a close, I’m grateful for the many organizations working tirelessly to make the world a better place. Here are a few nonprofits that have captured my heart and inspired me to give back in 2024.

a session at Authenticate 2024 which dives into the intricate relationships between websites, browsers, apps, operating systems, passkey providers, and security keys, and each party’s role and impact on user experience and functionality.

Topics # At TPAC 2023, we introduced the topic of digital identity wallets and their use on the web, and asked the community for use cases, concerns, and asked browser engine maintainers to express interest in this work.

A quick guide on creating a basic short link / redirect service for free using Cloudflare Workers KV

an overview of the Digital Credentials API in the context of NIST’s NCCoE mDL program

FedCM 101 presentation at the OAuth Security Workshop 2024

a session at Authenticate 2023 on the basics of passkeys, phishing resistance, some history, and a look at the future

a session at Identiverse 2023 on using the Continous Access Evaluation Profile with the Shared Signals Framework to signal across different vendor ecosystems changes in session context

a session at Identiverse 2020 on network authentication and identity in the zero trust networking era