More Open Source Security episodes

WTF is a passkey with William Brown

Published 26 Jan 2026

Duration: 01:02:55

Passkey technology, a passwordless authentication method, offers improved security but faces challenges, including inconsistent definitions and usability issues, as well as concerns over e-waste and user understanding.

Episode Description

William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi-factor authentication, but it's not su...

Overview

The podcast explores the development and current status of passkey technology, which is based on earlier standards like U2F and WebAuthn. Passkeys offer a passwordless authentication method by using hardware-based security components, such as YubiKeys, iPhones, or TPMs, and rely on public key cryptography to enable secure logins. However, the discussion highlights several challenges, including inconsistent definitions of passkeys across different platforms and organizations, as well as usability issues like device-bound residency, limited key management options, and reliance on usernames.

Technical difficulties such as cross-device synchronization, high latency, and occasional failures in key enrollment or retention, particularly on Android and iOS, are also mentioned. Although passkeys are viewed as more secure than traditional passwords, their usability remains a challenge for non-technical users. Additionally, concerns about electronic waste due to device limitations, and the need for clear communication to help users understand how passkeys work (without transmitting sensitive information like biometrics over the internet), are raised as important considerations for broader adoption.

Recent Episodes of Open Source Security

22 Jun 2026 Packagist and Composer security with Jordi Boggiano

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals like artifact validation and build attestation, while addressing challenges like maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.

15 Jun 2026 Sustaining Open VSX with Mike and Thabang

Eclipse Foundation's OpenVSX, a VS Code extension repository, surged to 600M monthly downloads, evolved to a commercial model with enterprise SLAs and security teams, while addressing scalability, open-source balance, and funding challenges for AI expansion.

8 Jun 2026 Hacking your CI/CD with Francois Proulx

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.

1 Jun 2026 Open source verification with Sal Kimmich

Cybersecurity challenges include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risks from under-resourced organizations prioritizing surface-level controls, alongside calls for regulatory reforms, proactive threat modeling, secure development practices, and addressing tribal nations' unique legal and sovereignty concerns.

25 May 2026 Vulnerability disclosure with Casey Ellis

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues, outdated legal frameworks, and the role of initiatives like Disclosed.io in standardizing policies, alongside AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.