Sign up to save your podcasts
Or
Share Passkeys: A Deep Dive into Authentication
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Passkeys: A Deep Dive into Authentication
Links
- Codecrafters (sponsor): https://tej.as/codecrafters
- Clerk: https://clerk.com
- Auth0: https://auth0.com
- Arctic (OAuth Library): https://arctic.js.org
- Lucia (Session Library): https://lucia-auth.com
Why do we still use passwords in 2026? In this episode of ConTejas Code, we tear down the complex world of digital identity. From the horror story of getting hacked at a hookah bar to the mathematical elegance of public-key cryptography, we cover how the internet knows who you actually are.
Let's break down the history of web authentication, explain why "logging in" is so much harder than it looks, and demystify the new standard taking over the web: Passkeys (WebAuthn). Whether you are a developer looking for an implementation playbook or just curious why your banking app requires a fingerprint, this deep dive explains the difference between Identity, Identifiers, and Credentials—and why you should stop rolling your own auth immediately.
Chapters
00:00:00 Welcome to ConTejas Code
00:01:06 Sponsor: CodeCrafters
00:01:42 Why Authentication Matters (High Stakes vs. Low Stakes)
00:07:30 Storytime: Getting Hacked at a Shisha Bar
00:19:48 The Vocabulary: Identity, Identifiers, and Credentials
00:27:45 The Three Factors (Something You Know, Have, Are)
00:34:28 Real World Analogies: House Keys, Speak-easies, and Hotel Cards
00:41:10 A History of Web Auth: From Basic Auth to the "Social Login" Mess
00:49:15 Authentication vs. Authorization vs. Accounting
00:57:00 The Problem with Passwords & MFA Fatigue
01:00:40 How Passkeys Work: Public Key Cryptography Explained
01:07:00 Under the Hood: WebAuthn, FIDO2, and The "Ceremonies"
01:13:40 Synced vs. Device-Bound Passkeys
01:16:30 The Playbook: How to Design Auth for SaaS, Mobile, and B2B
01:21:00 The Golden Rule: Don't Roll Your Own Crypto
01:23:00 Libraries & Tools You Should Use (Clerk, Auth0, Arctic)
01:28:40 The Minimum Viable Security Checklist
01:32:30 The Future of Passwordless Identity
Hosted on Acast. See acast.com/privacy for more information.
View all episodes
By Tejas Kumar
5
99 ratings
Links
- Codecrafters (sponsor): https://tej.as/codecrafters
- Clerk: https://clerk.com
- Auth0: https://auth0.com
- Arctic (OAuth Library): https://arctic.js.org
- Lucia (Session Library): https://lucia-auth.com
Why do we still use passwords in 2026? In this episode of ConTejas Code, we tear down the complex world of digital identity. From the horror story of getting hacked at a hookah bar to the mathematical elegance of public-key cryptography, we cover how the internet knows who you actually are.
Let's break down the history of web authentication, explain why "logging in" is so much harder than it looks, and demystify the new standard taking over the web: Passkeys (WebAuthn). Whether you are a developer looking for an implementation playbook or just curious why your banking app requires a fingerprint, this deep dive explains the difference between Identity, Identifiers, and Credentials—and why you should stop rolling your own auth immediately.
Chapters
00:00:00 Welcome to ConTejas Code
00:01:06 Sponsor: CodeCrafters
00:01:42 Why Authentication Matters (High Stakes vs. Low Stakes)
00:07:30 Storytime: Getting Hacked at a Shisha Bar
00:19:48 The Vocabulary: Identity, Identifiers, and Credentials
00:27:45 The Three Factors (Something You Know, Have, Are)
00:34:28 Real World Analogies: House Keys, Speak-easies, and Hotel Cards
00:41:10 A History of Web Auth: From Basic Auth to the "Social Login" Mess
00:49:15 Authentication vs. Authorization vs. Accounting
00:57:00 The Problem with Passwords & MFA Fatigue
01:00:40 How Passkeys Work: Public Key Cryptography Explained
01:07:00 Under the Hood: WebAuthn, FIDO2, and The "Ceremonies"
01:13:40 Synced vs. Device-Bound Passkeys
01:16:30 The Playbook: How to Design Auth for SaaS, Mobile, and B2B
01:21:00 The Golden Rule: Don't Roll Your Own Crypto
01:23:00 Libraries & Tools You Should Use (Clerk, Auth0, Arctic)
01:28:40 The Minimum Viable Security Checklist
01:32:30 The Future of Passwordless Identity
Hosted on Acast. See acast.com/privacy for more information.
More shows like ConTejas Code
View all
The Changelog: Software Development, Open Source
288 Listeners
The Daily
113,257 Listeners
JavaScript Jabber
62 Listeners
Syntax - Tasty Web Development Treats
990 Listeners
Ologies with Alie Ward
24,555 Listeners
PodRocket
60 Listeners
The Ezra Klein Show
16,482 Listeners
Front-End Fire
11 Listeners