The adoption of passkeys has continued to increase as a way to provide phishing-resistant authentication for user accounts. While this has helped create huge strides for the protection of consumer accounts, those responsible for protecting user accounts in enterprises, public sector, and highly regulated industries may still be unsure how to incorporate passkeys into their security strategy.

In this session we will walk through different techniques and implementation patterns that can be used for adopting passkeys for applications with a high risk profile. By the end of this session you will understand:

• The difference between low and high assurance passkeys
• How to perform step-up authentication in a passkey enabled application
• How to allow security conscious, and high-risk users to opt-in to a an account protected with only high assurance passkeys
• UX flows and patterns for helping users understand and use their passkeys 

This talk is for developers, architects, and all security professionals who are interested in learning advanced passkey techniques. It is assumed you have some familiarity with the concept of passkeys, along with beginner level knowledge of programming, application development, and security concepts.