PLAY PODCASTS
Moving Projects Away From Passwords With WebAuthn and Python
Episode 133

Moving Projects Away From Passwords With WebAuthn and Python

The Real Python Podcast · Real Python

November 18, 202244m 37s

Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

<p>What if you didn&rsquo;t have to worry about managing user passwords as a Python developer? That&rsquo;s where the WebAuthn protocol and new hardware standards are heading. This week on the show, Dan Moore from FusionAuth returns to discuss a password-less future.</p> <p>WebAuthn is a way to authenticate users using biometric, secure authentication methods. Dan dives into passkeys, ceremonies, authenticators, and hardware standards. We also cover several projects and libraries that can help you get started with WebAuthn in Python.</p> <div class="alert alert-primary" role="alert"> <p><strong>Course Spotlight:</strong> <a href="https://realpython.com/courses/refactoring-code-to-get-help/">Refactoring: Prepare Your Code to Get Help</a> </p> <p>In this Code Conversation video course, you&rsquo;ll explore the steps you can take to get help when you&rsquo;re stuck while coding. You&rsquo;ll investigate how to clean up your code to focus on the question you have. Along the way, you&rsquo;ll learn how to handle errors and use custom exceptions.</p> </div> <p>Topics:</p> <ul> <li>00:00:00 &ndash; Introduction</li> <li>00:01:36 &ndash; Dan&rsquo;s WebAuthn article</li> <li>00:03:26 &ndash; FIDO and WebAuthn</li> <li>00:05:53 &ndash; What&rsquo;s a YubiKey?</li> <li>00:07:57 &ndash; Phones with biometric systems</li> <li>00:12:03 &ndash; Sponsor: CData Software</li> <li>00:12:45 &ndash; Similarities to HTTPS</li> <li>00:16:13 &ndash; A password-less future</li> <li>00:24:31 &ndash; Where&rsquo;s it being used?</li> <li>00:30:53 &ndash; Video Course Spotlight</li> <li>00:32:26 &ndash; Python WebAuthn projects and packages</li> <li>00:34:52 &ndash; Does a developer need to set up additional auth methods?</li> <li>00:37:31 &ndash; How are the third-party auth services implementing this?</li> <li>00:39:50 &ndash; What are you excited about in the world of Python?</li> <li>00:41:24 &ndash; What do you want to learn next?</li> <li>00:43:20 &ndash; Thanks and goodbye</li> </ul> <p>Show Links:</p> <ul> <li><a href="https://fusionauth.io/learn/expert-advice/authentication/webauthn-explained">WebAuthn Explained - FusionAuth</a></li> <li><a href="https://realpython.com/podcasts/rpp/99/">Episode #99: OAuth 2 and Authentication Choices for Your Python Project – The Real Python Podcast</a></li> <li><a href="https://techcommunity.microsoft.com/t5/identity-standards-blog/all-about-fido2-ctap2-and-webauthn/ba-p/288910">All about FIDO2, CTAP2 and WebAuthn - Microsoft Community Hub</a></li> <li><a href="https://yubikey.me/">YubiKey - Hardware Security Keys</a></li> <li><a href="https://hideez.com/blogs/news/apple-adopts-passwordless-authentication-technology">Apple Adopts Passwordless Authentication Technology – Hideez</a></li> <li><a href="https://www.theverge.com/2022/11/17/23464817/1password-passkey-support-security-apple-google">1Password is launching passkey support in early 2023 - The Verge</a></li> <li><a href="https://github.com/duo-labs/py_webauthn">duo-labs/py_webauthn: Pythonic WebAuthn</a></li> <li><a href="https://github.com/as207960/python-webauthn">python-webauthn: Server side handlers for WebAuthN with support for Apple&rsquo;s FaceID, and the FIDO metadata service</a></li> <li><a href="https://pypi.org/project/pywarp/">pywarp - PyPI</a></li> <li><a href="https://webauthn-rp.readthedocs.io/en/latest/index.html">webauthn-rp documentation</a></li> <li><a href="https://duo.com/blog/going-passwordless-with-py-webauthn">Going Passwordless With py_webauthn - Duo Security</a></li> <li><a href="https://github.com/asnelling/django-webauth">django-webauth: Two Factor Authentication in Django using Web Authentication API (WebAuthn)</a></li> <li><a href="https://pypi.org/project/django-webauthin/">django-webauthin - PyPI</a></li> <li><a href="https://developers.yubico.com/python-fido2/">python-fido2</a></li> <li><a href="https://www.python.org/downloads/release/python-3110/">Python 3.11.0 Release - Python.org</a></li> <li><a href="https://realpython.com/asins/0760372454">Real Food Fermentation by Alex Lewin - Amazon</a></li> <li><a href="https://fusionauth.io/">Auth. Built for Devs, by Devs - FusionAuth</a></li> </ul> <p>Level up your Python skills with our expert-led courses:</p> <ul> <li><a href="https://realpython.com/courses/exploring-https-cryptography/">Exploring HTTPS and Cryptography in Python</a></li> <li><a href="https://realpython.com/courses/python-basics-code-bugs/">Python Basics: Finding and Fixing Code Bugs</a></li> <li><a href="https://realpython.com/courses/refactoring-code-to-get-help/">Refactoring: Prepare Your Code to Get Help</a></li> </ul> <p><a rel="payment" href="https://realpython.com/join">Support the podcast &amp; join our community of Pythonistas</a></p>
← All episodes of The Real Python Podcast