Links
- Codecrafters (sponsor): https://tej.as/codecrafters
- Clerk: https://clerk.com
- Auth0: https://auth0.com
- Arctic (OAuth Library): https://arctic.js.org
- Lucia (Session Library): https://lucia-auth.com
Why do we still use passwords in 2026? In this episode of ConTejas Code, we tear down the complex world of digital identity. From the horror story of getting hacked at a hookah bar to the mathematical elegance of public-key cryptography, we cover how the internet knows who you actually are.
Let's break down the history of web authentication, explain why \"logging in\" is so much harder than it looks, and demystify the new standard taking over the web: Passkeys (WebAuthn). Whether you are a developer looking for an implementation playbook or just curious why your banking app requires a fingerprint, this deep dive explains the difference between Identity, Identifiers, and Credentials—and why you should stop rolling your own auth immediately.
Chapters
00:00:00 Welcome to ConTejas Code
00:01:06 Sponsor: CodeCrafters
00:01:42 Why Authentication Matters (High Stakes vs. Low Stakes)
00:07:30 Storytime: Getting Hacked at a Shisha Bar
00:19:48 The Vocabulary: Identity, Identifiers, and Credentials
00:27:45 The Three Factors (Something You Know, Have, Are)
00:34:28 Real World Analogies: House Keys, Speak-easies, and Hotel Cards
00:41:10 A History of Web Auth: From Basic Auth to the \"Social Login\" Mess
00:49:15 Authentication vs. Authorization vs. Accounting
00:57:00 The Problem with Passwords & MFA Fatigue
01:00:40 How Passkeys Work: Public Key Cryptography Explained
01:07:00 Under the Hood: WebAuthn, FIDO2, and The \"Ceremonies\"
01:13:40 Synced vs. Device-Bound Passkeys
01:16:30 The Playbook: How to Design Auth for SaaS, Mobile, and B2B
01:21:00 The Golden Rule: Don't Roll Your Own Crypto
01:23:00 Libraries & Tools You Should Use (Clerk, Auth0, Arctic)
01:28:40 The Minimum Viable Security Checklist
01:32:30 The Future of Passwordless Identity
","author_name":"Tejas Kumar"}