# Creating the WebAuthn Components Library for Phoenix LiveView Apps with Owen Bickford

- Page: https://stenobird.com/podcast/elixir-wizards/creating-the-webauthn-components-library-for-phoenix-liveview-apps-with-owen-bickford
- Text version: https://stenobird.com/podcast/elixir-wizards/creating-the-webauthn-components-library-for-phoenix-liveview-apps-with-owen-bickford.md
- Podcast: [Elixir Wizards](https://stenobird.com/podcast/elixir-wizards)
- Published: 2024-11-14T11:30:00+00:00
- Episode link: https://smartlogic.fireside.fm/s13-e05-webauthn-components-phoenix-liveview
- Audio file: https://aphid.fireside.fm/d/1437767933/03a50f66-dc5e-4da4-ab6e-31895b6d4c9e/fcc73e6e-2092-4a59-b47b-52f4a489bed4.mp3
- Processing state: processed
- JSON: https://stenobird.com/v1/public/podcasts/elixir-wizards/episodes/creating-the-webauthn-components-library-for-phoenix-liveview-apps-with-owen-bickford
- Duration seconds: 3452

## Resource

Explore the transition from vulnerable password-based authentication to the more secure, user-friendly world of passkeys. Learn how the WebauthnComponents library simplifies implementing hardware-backed, passwordless logins in Phoenix LiveView applications.

## Highlights

- Main idea: Passkeys leverage the WebAuthn API and asymmetric cryptography to eliminate the risks of database leaks and credential stuffing
- Practical takeaway: Use the WebauthnComponents library to integrate hardware-based authentication like TPMs and Apple Keychain into Elixir apps
- Failure mode: Relying solely on passwords leaves users vulnerable to SIM swapping and sophisticated phishing attacks
- Implementation detail: The library utilizes Ecto schemas and LiveView components to manage the complex handshake between the browser and server
- Strategic advice: Introduce passkeys as an optional, high-security alternative rather than forcing a sudden technology shift on all users

## Topics

Elixir, Phoenix LiveView, WebAuthn, Passkeys, Asymmetric Cryptography, Cybersecurity, Authentication, Web Development

## Chapters

- 1:00 — The Evolution of Authentication: A brief history of moving from plain-text passwords to salted hashes and the inherent security flaws in each stage.
- 10:05 — Understanding Passkeys and TPMs: How hardware-based modules like Trusted Platform Modules (TPM) manage credentials securely on modern devices.
- 14:05 — Library Architecture and Flexibility: How the WebauthnComponents library uses migrations and configurable schemas to adapt to different application needs.
- 18:25 — Asymmetric Cryptography in Practice: Comparing passkey mechanics to SSH keys and the benefits of public/private key pairs for secure logins.
- 23:00 — Integrating WebAuthn into Phoenix: Using the library as a standalone authentication method within the Phoenix framework.
- 27:10 — Managing User Experience and Support: Strategies for adopting new authentication tech without increasing customer support overhead or user friction.
- 35:45 — The WebAuthn Handshake Flow: A technical walkthrough of managing challenges, attestations, and user creation via LiveView components.