2020 IEEE Symposium on Security and Privacy (SP) 2020
DOI: 10.1109/sp40000.2020.00047

Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication

Abstract: The newest contender for succeeding passwords as the incumbent web authentication scheme is the FIDO2 standard. Jointly developed and backed by the FIDO Alliance and the W3C, FIDO2 has found support in virtually every browser, finds increasing support by service providers, and has adoptions beyond browser-software on its way. While it supports MFA and 2FA, its single-factor, passwordless authentication with security tokens has received the bulk of attention and was hailed by its supporters and the media as the…

Cited by 48 publications (22 citation statements)
References 41 publications
“…Password managers were used in about 10% of cases, which slightly exceeds previous findings, e.g. [83,61]. While reuse might be attributed to the artificial study context (even though also found in real life), the use of password managers might be more prevalent amongst MTurk workers who might be younger and/or more tech-savvy.…”
Section: Hybrid Password Meters Study (contrasting)
confidence: 55%
“…The evaluation of the enhanced warning tags was intended to gauge a preferential approach to soft moderation as well as understand the underpinning reasoning for its acceptance (or lack thereof). A/B testing is a regular practice in usable security studies that informs the design of interface affordances, cues, and frictions [25,63,67]. Building on the exposure to contextual warning tags, a qualitative inquiry of how they fare in the misinformation front is important because the soft moderation employed by social media in general, and Twitter in particular, so far has yielded far from desirable results [39].…”
Section: Improbable Interpretations Of Facts (Ffs) (mentioning)
confidence: 99%
“…A more secure alternative could be the adoption of secure hardware-based authentication solutions, e.g. FIDO2 [11], where verification codes can be provided by external hardware devices, e.g. Yubico Security Key.…”
Section: B Multi-factor Authentication and Secure Hardware Tokens (mentioning)
confidence: 99%
“…The key steps of the accessibility attacks make use of Android accessibility service APIs 11. These APIs are callable from any app that registers an accessibility service component that extends AccessibilityService and is granted the BIND_ACCESSIBILITY_SERVICE permission.…”
Section: A Experiments Setup (mentioning)
confidence: 99%