Abstract
Fast Identity Online (FIDO) Alliance and W3C have defined a set of specifications (called FIDO2) that allows a user to replace the password based authentication system. However, none of the high profile web sites have implemented FIDO2 yet as password-less single factor (SF) authentication (password-less SF). In this paper, we analyze the set of factors that make websites reluctant to adopt password-less FIDO SF authentication. We start by comparing the threat models of password-less FIDO SF authentication with password-based SF authentication. Our analysis shows that although password-based authentication is less secure than FIDO SF authentication, other factors related to the usability of FIDO security keys and FIDO based authentication system, the non-consideration of enterprise requirements and the lack of specifications regarding account recovery/deletion and suspension are the main obstacles to the adoption of password-less FIDO SF authentication.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
