We won! 2021 FIDO Developer Challenge: FIDO2 WebAuthn for Passwordless MFA on Amazon Cognito

Has on-board WiFi ever actually worked for anyone?

Solving the password problem with “passwordless”

https://xkcd.com/936/

What are some weaknesses of OTP over SMS/Email?

Possession-based factors

Knowledge-based factors

Biometric-based factors

Leveraging FIDO2 WebAuthn to implement multi-factor passwordless authentication

Security keys (roaming authenticators)

Mobile phones (platform authenticators)

The web service asks the web app to authenticate the user with an on-device platform authenticator or an external security key, potentially using biometrics

The FIDO Developer Challenge

Implementing passwordless MFA using FIDO2/WebAuthn

FIDO2 WebAuthn terms

Lockdrop’s existing authentication system

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html

Open-source FIDO2 Libraries (FIDO Servers)

Rough evaluation of the two libraries based on my own experience; YMMV

FIDO2 in Amazon Cognito using Custom Authentication Flows

https://github.com/lockdrop/cdk-serverless-cognito-fido2-webauthn

What about Lockdrop’s implementation?

Using an Octatco EzFinger2 biometric enabled security key to register
Similarly authenticating with the same security key as part of the sign-in process
Authenticating on iPhone using a platform authenticator

Sponsors of the 2021 FIDO Developer Challenge

Octatco EzFinger2+, TrustKey G320H & G310H, non-biometric Yubikey 5 Series

Final thoughts

Cloud Infrastructure Architect @ AWS | CISSP | AWS-SAP,DOP
Aaron Brighton