By George Coldham

Authentication for humans, why passkeys finally make sense.

Cybersecurity Ballroom 3 Friday at 2:00pm - 2:30pm

Authentication continues to fail not because users ignore security advice, but because our systems rely on humans managing reusable secrets. Despite password managers and multi-factor authentication, phishing and credential theft remain the most common causes of account compromise.

This talk examines why password-based authentication fails at a structural level. We will explore the assumptions passwords make about human behaviour, why those assumptions break down in practice, and why layered controls like MFA often add friction without removing core failure modes.

We will then introduce passkeys as a human-centred redesign of authentication. We will explain what passkeys are, how they work using public-key cryptography, and why removing shared secrets improves security and usability at the same time.

Using two real-world examples, we will show how passkeys succeed where passwords struggle. We will examine phishing attacks that bypass traditional MFA, and explain how passkeys eliminate the need for users to identify real login pages. We will also look at account compromise caused by password reuse, and how passkeys prevent cross-site impact by design.

Attendees will leave with a clear mental model of how passkeys work, understand the role of biometrics as a local unlock mechanism, and gain practical guidance on how individuals and developers can start using passkeys today through modern, open web standards.

George Coldham

George Coldham is a Cloud Solution Architect at Microsoft, working with enterprise and public-sector organisations to design and operate secure cloud and identity architectures at scale.

His work focuses on Zero Trust, identity as the modern security control plane, and the practical realities of securing SaaS, cloud platforms, and emerging AI systems in complex environments. George specialises in helping organisations reduce real-world risk without undermining productivity or user experience.

Alongside his technical role, George is an experienced international speaker, educator, and community organiser. He regularly presents at industry conferences, bootcamps, and meetups, translating complex security concepts into practical guidance for practitioners and decision-makers.

George is the founder of Global Security Community, the lead organiser of the Perth Microsoft Security Meetup, and an organiser within the global AI and developer community. He brings a practitioner-led, evidence-based perspective to his talks, drawing on real customer scenarios rather than vendor theory or marketing narratives.

His speaking topics include Zero Trust beyond the marketing slides, identity-driven security, cloud and SaaS security in practice, and designing security architectures for humans as well as systems.