Passkeys Have Problems, but So Will You If You Ignore Them

Passkeys Have Problems, but So Will You If You Ignore Them
Jason Meller • Amsterdam, Netherlands • Talk

Date: September 04, 2025
Published: not published
Announced: May 20, 2025

Back in 2024, many of us in the Rails community dismissed passkeys as hype rather than a real password replacement. But now we're facing a serious problem - a newer and more sophisticated attack called Real-Time Phishing is gaining popularity and effortlessly defeating nearly all popular 2FA methods, except one: passkeys. Even security experts are getting fooled, and AI makes these attacks frighteningly scalable. In this session, I'll demo exactly how attackers execute real-time phishing live. Then we'll turn the tables: I'll guide you step-by-step through adding secure, user-friendly passkey authentication as an MFA option to your Rails 8 apps. Come on, Rails! Let's give passkeys one more chance.

Rails World 2025

Explore all talks scheduled for Rails World 2025
+14