L The IntegrAuth Lab

← All practicals

P2

Go passwordless

Register a passkey, then sign back in with it.

  1. 1

    On your account page, register a passkey.

    The private key stays in your device’s secure hardware; the server only ever stores the public key (verified with a hand-rolled WebAuthn + CBOR + COSE stack).

  2. 2

    Log out, then sign back in with the passkey.

    Login verifies a fresh challenge signature — no password to phish, replay or leak.

Do it

This one happens on your account page — register a passkey, revoke a session, or enroll TOTP there.

Go to your account →

🩻 X-ray — what actually happened

Your own insert-only audit trail — the real server events, sanitized (never a secret), each linked to the lesson that explains it.

Loading…