Is FIDO2 Passwordless Authentication a Hype or for Real?: A Position Paper

Biçakcı, Kemal; Uzunay, Yusuf

doi:10.1109/iscturkey56345.2022.9931832

Cited by 5 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The recurring theme from the schemes reviewed suggests that a secure authentication system with great user experience appears to be a holy grail for security researchers, influencing the decision of technologies being combined in a myriad of ways to achieve the desired result. Conners et al (2022) [4] proposed the use of certificates issued by a CA (Certificate Authority) as an improvement to an existing password-less scheme-FIDO2 [10,11]. Considering that FIDO2 is dependent on hardware tokens and does not offer account recovery options besides registering at least a second token as backup, making it an expensive proposition, Conners et al (2022) [4], in their work, describe how certificates can address this gap, allowing users to potentially achieve password-less nirvana by combining a hardware token and a software authenticator, where the token is responsible for managing authenticators rather than authentication itself.…”

Section: Related Workmentioning

confidence: 99%

Passwordless Authentication Using a Combination of Cryptography, Steganography, and Biometrics

Oduguwa,

Arabo

2024

JCP

View full text Add to dashboard Cite

User-generated passwords often pose a security risk in authentication systems. However, providing a comparative substitute poses a challenge, given the common tradeoff between security and user experience. This paper integrates cryptographic methods (both asymmetric and symmetric), steganography, and a combination of physiological and behavioural biometrics to construct a prototype for a passwordless authentication system. We demonstrate the feasibility of scalable passwordless authentication while maintaining a balance between usability and security. We employ threat modeling techniques to pinpoint the security prerequisites for the system, along with choosing appropriate cryptographic protocols. In addition, a comparative analysis is conducted, examining the security impacts of the proposed system in contrast to that of traditional password-based systems. The results from the prototype indicate that authentication is possible within a timeframe similar to passwords (within 2 s), without imposing additional hardware costs on users to enhance security or compromising usability. Given the scalable nature of the system design and the elimination of shared secrets, the financial and efficiency burdens associated with password resets are alleviated. Furthermore, the risk of breaches is mitigated as there is no longer a need to store passwords and/or their hashes. Differing from prior research, our study presents a pragmatic design and prototype that deserves consideration as a viable alternative for both password-based and passwordless authentication systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Passwordless Authentication Using a Combination of Cryptography, Steganography, and Biometrics

Oduguwa,

Arabo

2024

JCP

View full text Add to dashboard Cite

show abstract

“…Important details for authentication protection include browser cross-checking domain origin hashes to prevent phishing attacks and using an incrementing counter to detect malicious imitations of authenticators [4].…”

mentioning

confidence: 99%

Fast Identity Online 2 :Authentication Technique

R M

2024

IJSREM

View full text Add to dashboard Cite

Fast Identity Online 2 (FIDO2) emerges as a transformative solution to the vulnerabilities inherent in traditional password-based authentication methods. Leveraging public key cryptography and authenticators, it establishes a passwordless authentication paradigm, extending its relevance beyond web applications to diverse realms such as online payments and government services. This paper explores FIDO2's emphasis on a seamless user experience while bolstering security measures through innovative credential management techniques. The acceptance of FIDO2 on major browsers ensures its usability on mobile devices, with most modern devices equipped to support FIDO2 authentication, thus expanding its reach and applicability. Additionally, its adoption by major tech companies and standards bodies underscores its credibility and potential for widespread adoption. However, challenges remain, including overcoming legacy systems, addressing compatibility issues, and ensuring user education. Despite these challenges, FIDO2 represents a significant advancement in online authentication, offering strong security, usability, and privacy features, positioning it as a key enabler of the passwordless authentication paradigm. Keywords: Public key cryptosystem, challenge, relying party, web browser and web authentication.

show abstract

QRAuth: A Secure and Accessible Web Authentication Alternative to FIDO2

Bicakci,

Drobi

2023

2023 16th International Conference on Information Security and Cryptology (ISCTürkiye)

View full text Add to dashboard Cite

Is FIDO2 Passwordless Authentication a Hype or for Real?: A Position Paper

Cited by 5 publications

References 13 publications

Passwordless Authentication Using a Combination of Cryptography, Steganography, and Biometrics

Passwordless Authentication Using a Combination of Cryptography, Steganography, and Biometrics

Fast Identity Online 2 :Authentication Technique

QRAuth: A Secure and Accessible Web Authentication Alternative to FIDO2

Contact Info

Product

Resources

About