Title

Should We Rush to Implement Password-less Single Factor FIDO2 based Authentication?

Author First name, Last name, Institution

Fatima Alqubaisi
Ahmad Samer Wazan
Liza Ahmad
David W. Chadwick

Document Type

Conference Proceeding

Source of Publication

Proceedings - 2020 12th Annual Undergraduate Research Conference on Applied Computing, URC 2020

Publication Date

4-1-2020

Abstract

© 2020 IEEE. Fast Identity Online (FIDO) Alliance and W3C have defined a set of specifications (called FIDO2) that allows a user to replace the password based authentication system. However, none of the high profile web sites have implemented FIDO2 yet as password-less single factor (SF) authentication (password-less SF). In this paper, we analyze the set of factors that make websites reluctant to adopt password-less FIDO SF authentication. We start by comparing the threat models of password-less FIDO SF authentication with password-based SF authentication. Our analysis shows that although password-based authentication is less secure than FIDO SF authentication, other factors related to the usability of FIDO security keys and FIDO based authentication system, the non-consideration of enterprise requirements and the lack of specifications regarding account recovery/deletion and suspension are the main obstacles to the adoption of password-less FIDO SF authentication.

ISBN

9781728197890

Publisher

Institute of Electrical and Electronics Engineers Inc.

Disciplines

Computer Sciences

Keywords

FIDO2, Password based authentication, threat model, UAF, WebAuthn

Scopus ID

85086729520

Indexed in Scopus

yes

Open Access

no

Share

COinS