Andrew Clymer

Passwords drive breaches, increase support costs, and frustrate users. Passkeys—standards‑based WebAuthn/FIDO2 credentials backed by public‑key cryptography and biometrics—deliver MFA‑level security with a one‑tap experience. They are resistant to phishing and replay, eliminate fragile SMS/OTP flows, reduce password reset tickets, and improve conversion rates on sign-in and checkout. With broad support across Windows, macOS, iOS, Android, and all modern browsers, passkeys are the most practical path to passwordless today. In this session, we’ll add passkey authentication to an existing ASP.NET Core web application running on .NET 10. You’ll get a concise primer on how WebAuthn works (registration vs. authentication ceremonies, challenges, attestation, and assertions) and then see it implemented end‑to‑end: wiring up navigator.credentials.create() / get() on the client, verifying responses on the server, and storing credential IDs and public keys. We’ll integrate with ASP.NET Core Identity. We’ll also cover rollout and UX strategy. You’ll leave with clear practical guidance to ship secure, delightful, passwordless sign‑in on .NET 10.