Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication

Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other things, on how user accounts can be recovered when the security token becomes permanently unavailable. For this reason, we provide a heuristic evaluation of 12 account recovery mechanisms regarding their properties for FIDO2 passwordless authentication. Our results show that the currently used methods have many drawbacks. Some even rely on passwords, taking passwordless authentication ad absurdum. Still, our evaluation identifies promising account recovery solutions and provides recommendations for further studies.

Kunke, Johannes; Wiefling, Stephan; Ullmann, Markus; Lo Iacono, Luigi (2021): Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication. Open Identity Summit 2021. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-706-7. pp. 59-70. Regular Research Papers. Copenhagen, Denmark. 01.-02. June 2021

Schlagwörter

FIDO2 , Passwordless Authentication , Account Recovery , Fallback Authentication

Sammlungen

P312 - Open Identity Summit 2021

Komplettanzeige

Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen