Leon Janzen (formerly Leon Würsching), Florentin Putz (both SEEMOO, TUDa) and Steffen Haesler (PEASEC), were awarded for their paper „FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones“. With the participation of emergenCITY coordinator Matthias Hollick, they conducted a first lab study for the ACM 2023 CHI Conference on Human Factors in Computing Systems comparing from the user’s perspective platform and roaming authentication on smartphones using the passwordless FIDO2 authentication.
The Paper was also awarded with the „Best Paper Award“ at the ACM CHI Conference on Human Factors in Computing Systems [CORE A*].
Abstract
Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.
Leon Würsching, Florentin Putz, Steffen Haesler, Matthias Hollick (2023)
FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones. Proceedings of the Conference on Human Factors in Computing Systems (CHI) (Best Paper Award) New York, NY, USA. doi:10.1145/3544548.3580993
[Download PDF]