Quantitative Analysis of FIDO2 Client Support


Authors:

Florian Nawrath, Universit├Ąt des Saarlandes

Abstract:

With the release of the new standard, Fast Identity Online 2 (FIDO2), integration and usage of passwordless authentication methods have become easier. FIDO2 challenges the incumbent standard for web authentication: passwords. However, it is unclear if the users can adapt to the new standard. The question we want to answer is: Do users have the necessary hardware available and if so, does this hardware work as intended?

This paper aims to test the client support of FIDO2 passwordless authentication methods with the goal of providing insights into technical as well as hardware limitations and restrictions from the users' side. To test this, we conducted a study where the users had to attempt passwordless registration with their own devices. The results indicate that most of the successful registrations were limited to platform authenticators. Additionally, there are browser and operating system combinations that do not work together as they are still in development. According to our participants' statements, although some of them accept the new standard, there are still trust issues and misconceptions regarding the security of passwordless authentication. Despite that, FIDO2 has the potential to become the new default for web authentication. However, there is still some work to be done when it comes to the support of certain operating systems and browsers, as well as the users' awareness and acceptance.

Download:
BibTeX:
@inproceedings{nawrath-21-fido2-support,
    author = {Nawrath, Florian},
    title = {{Quantitative Analysis of FIDO2 Client Support}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2021},
    series = {WAY~'21},
    pages = {1--5},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher