Passwords Are Broken: How Passkeys & WebAuthn Fix Authentication in ASP.NET Core and Microsoft 365

Season 1 Published 8 months, 3 weeks ago
Description
Passwords aren’t failing because users are careless—they’re failing because the model is fundamentally outdated. Phishing, credential stuffing and endless resets show how fragile a system is that still depends on humans remembering secrets at internet scale. In this episode, you’ll see why tightening password policies barely moves the needle, how much breaches and resets really cost your organization, and why it’s finally realistic to remove passwords altogether instead of patching them.

We start with the true cost of “just one” stolen credential: how a single compromised Microsoft 365 admin account can lead to Teams data exposure, mailbox abuse and weeks of recovery work—without any zero-day exploit. Then we look at the hidden tax of password resets and rotation policies that burn IT time, frustrate employees and still don’t stop attackers from reusing old patterns. You’ll walk away with a clear picture of why passwords can’t scale to today’s threat landscape, no matter how many special characters you add.

From there, we introduce passkeys and WebAuthn as the realistic alternative, not science fiction. You’ll learn how public‑key cryptography flips the model—private keys stay safely on the device, servers only store public keys, and there’s nothing usable for attackers to steal from your database. We break down what this feels like for users (Face ID, Windows Hello, security keys), how WebAuthn lets browsers and platforms talk the same language, and why phishing pages simply stop working when there’s no password to type.

Finally, we get practical for ASP.NET Core teams and decision‑makers. Developers get a high‑level implementation checklist: where to plug passkeys into existing auth flows, which parts of your app change, and what to watch out for in rollout. Leaders get the adoption view: how to position passkeys as both a security and productivity upgrade, what to measure (reset volume, phishing exposure), and how to decide if you’re the one implementing the change or the one sponsoring it.

WHAT YOU’LL LEARN
  • Why passwords keep failing even with stricter policies and better monitoring.
  • How passkeys and WebAuthn replace passwords using public‑key cryptography and device‑based authentication.
  • What the sign‑in experience looks like with Windows Hello, biometrics and security keys.
  • A practical ASP.NET Core checklist for adding passkey support to your existing login flows.
  • How to talk about passwordless authentication with business leaders in terms of risk, cost and user experience.
THE CORE INSIGHT

The core insight of this episode is that passwords