SSI practical demonstration

Are Passwords a Failed Model?

Follow one transferable secret from weak selection to cascading compromise, then remove it with WebAuthn.

Module 1

Password Weakness Analyzer

Complexity is not strength. Length, unpredictability, and breach screening matter more.

Use only the synthetic examples below. Never enter a real password into a classroom demonstration.
Choose an example and analyze it.
Module 2

Credential Stuffing Simulator

A breach at the fictional Mailbox service is replayed only against two internal synthetic services.

No simulation has run.
Module 3

Password vs Passkey

The password is transferable. The passkey is a private-key signature bound to ssi.home.bugstavern.site.

Password login

Ready.
  1. Type a shared secret.
  2. Transmit it to the server.
  3. The server checks a stored verifier.

Passkey login

Use a platform authenticator, security key, or Chromium virtual authenticator.
  1. The server sends a random challenge.
  2. The authenticator signs it for this RP ID.
  3. The server verifies the public-key signature.