register for 2024
May 28-31, 2024 | Aria Resort & Casino, Las Vegas, NV
register for 2024
Identiverse 2023 • Session
Thinking Differently About Passkeys - New Threats Require a New Threat Model
Deployments and Leading Practices
Back to Main Agenda
Juniper 1
5:05 pm - 5:30 pm
Senior Security Engineer
AWS Identity
Session Abstract: Passkeys are promoted as the password killer to minimize phishing, password reuse, and customer frustrations with passwords. While passkeys create significant usability and security improvements over passwords, we are still early in the passkey journey. In this talk, we’ll explore how passkeys require users and services to think differently about managing credentials, and the new risks that arise with passkeys, enabling attendees to threat model their passkey deployment scenarios. Specific issues we’ll cover include: • Breaking out of the one credential per relying party (RP) paradigm of credential management for users and RPs • Modeling the impact of passkeys on account recovery • Shared passwords vs. shared passkeys • Differential security controls between passkey providers including authentication, account recovery, passkey generation, synchronization, and storage at rest
Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now