Passkeys Have Problems, but So Will You If You Ignore Them

Back in 2024, many of us in the Rails community dismissed passkeys as hype rather than a real password replacement. But now we’re facing a serious problem - a newer and more sophisticated attack called Real-Time Phishing is gaining popularity and effortlessly defeating nearly all popular 2FA methods, except one: passkeys. Even security experts are getting fooled, and AI makes these attacks frighteningly scalable. In this session, I’ll demo exactly how attackers execute real-time phishing live. Then we’ll turn the tables: I’ll guide you step-by-step through adding secure, user-friendly passkey authentication as an MFA option to your Rails 8 apps. Come on, Rails! Let’s give passkeys one more chance.