Could Passwordless Authentication Be Worse Than Passwords?

Explore the potential risks and vulnerabilities of passwordless authentication technologies in this 29-minute OWASP Foundation conference talk. Delve into real-world scenarios where faulty implementation of passwordless solutions for web applications can lead to more significant security breaches than traditional password-based systems. Learn about the misconceptions surrounding the unhackability of passwordless technologies and the possibility of account takeover and user impersonation. Discover best practices for developers integrating WebAuthn into web applications, along with recommendations for pentesters, enterprises, and end-users. Gain insights from Aldo Salas, Application Security Lead at HYPR, as he shares his extensive experience in application security and his quest to eliminate passwords while maintaining robust security measures.

Could Passwordless be Worse than Passwords?