Alex Willmer joins us to talk about the future of authentication, a concern across all platforms.
Passwords are a pain for us all - programmers, users and admins alike. How can we reduce that pain, or eliminate it entirely?
Universal Authentication Framework (UAF) & Universal Second Factor are new specifications for authentication. They aim to standardise the mishmash of passwords, password managers, proprietary APIs, tokens, biometrics etc. The specifications are backed by the FIDO Alliance. Members include Google, Intel, Mastercard, Microsoft, PayPal, RSA, Samsung, Yubico.
Supported products are already shipping - including the Galaxy S5/S6, servers, plus clients for Android, iOS. Windows 10 will also support U2F out the box.
Administrators don't have to send out special smartcards or key fobs. Programmers can use the same API for a USB token, a phone with a fingerprint sensor, or any other device. Servers don't need to store sensitive password data. Users can login with the device they're already carrying - their smartphone. If you've ever wished Apple's Touch ID was cross platform this is for you.
This talk will describe how UAF and U2F work and demonstrate how they're used in a web application. Finally it will summarize the state of support for UAF & U2F in browsers, devices, and the wider world.
There is hope: you may never have to type