Diablo Valley College students implement WebAuthn in 24 hours

What do you get when you mix six hundred developers, twenty-four hours, twelve challenges and a mass of cash and prizes? The nation’s largest challenge-driven hackathon, hosted by DeveloperWeek in San Francisco.

Hackathon participants get just twenty-four hours to create a working proof of concept to solve some of the world’s most pressing problems. Yubico challenged developers with a user-centric approach to security. We were looking for the best integration of strong two-factor, multi-factor or passwordless authentication with the YubiKey to protect sensitive user information. Ten teams took on the challenge, all with excellent use cases and implementations, but we could only nominate one winner.

This year, Yubico chose FoodHopa as the winner of the 2020 Yubico DevWeek Hackathon Challenge. FoodHopa was born out of the simplest of concepts — how can environmentally conscious college students help reduce carbon emissions and save the world while feeding themselves and their friends, all on a shoestring budget?

FOODHOPA
FoodHopa engineers, Michael Winailan & Scott Sunarto

Developed by engineering students Michael Winailan and Scott Sunarto, FoodHopa aims to match restaurants with surplus food to hungry eaters. The idea is that one driver delivers food to one centralized location instead of making multiple deliveries to multiple locations. By bringing eaters together, utilizing surplus food from restaurants, and reducing food delivery to one location, FoodHopa succeeds in reducing food waste and carbon emissions at the same time.

In just a few short hours, Michael and Scott built a mobile app for party-goers (eaters) and a web app for party hosts (drivers) and restaurant operators. Using a web-based management platform, restaurant operators can log in to the web app using a passwordless login flow with a YubiKey. This was all built on the WebAuthn standard.

When asked why they chose to go passwordless, the savvy students told hackathon judges that a passwordless login flow was important for three reasons:

  • The food and beverage industry experiences high employee turnover rates, and YubiKeys are easy to re-issue to new employees.
  • Inconsistent hourly work schedules make it challenging to remember a complex password.
  • Memorizing complex passwords is hard, which results in weak or shared passwords among coworkers.

Enabling a passwordless login flow and providing YubiKeys for each restaurant employee that needs to interact with the web app ensures both the restaurant and their customers’ information is kept private and secure.

FoodHopa Webauthn
FoodHopa integrates with WebAuthn and YubiKeys

What’s next for these savvy students? The FoodHopa team hopes to productize their app and take it to the marketplace by implementing credit card payments through their app. By adding strong multi-factor authentication using YubiKeys into their payment flow, they will be well on their way to achieving PCI (Payment Card Industry) compliance.

Hackathon submissions don’t typically prioritize security—especially when the focus is on building an MVP as quickly as possible. Yubico has increased our participation in hackathons over the past few years in an effort to change that behavior, while also exploring better ways to empower non-security engineers to integrate strong authentication. If you’re hosting an upcoming hackathon, and would like Yubico to participate, please let us know at dev-mktg@yubico.com.

Are you interested in integrating security into the products, services, and applications that you’re building? Check out Yubico’s developer website to get started and sign up for the Yubico Developer Program mailing list to be notified of new documentation and resources, as well as get early access to SDKs and new products.

Talk to our teamTalk to our team

Share this article:


  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST