
Let History not Repeat Itself (this Time) - Tackling WebAuthn Developer Issues Early On

conference contribution
posted on 2023-11-29, 18:23 authored by Aftab Alam, Katharina Krombholz, Sven Bugiel
The FIDO2 open authentication standard, developed jointly by the FIDO Alliance and the W3C, provides end-users with the means to use public-key cryptography in addition to or even instead of text-based passwords for authentication on the web. Its WebAuthn protocol has been adopted by all major browser vendors and recently also by major service providers (e.g., Google, GitHub, Dropbox, Microsoft, and others). Thus, FIDO2 is a very strong contender for finally tackling the problem of insecure user authentication on the web. However, there remain a number of open questions to be answered for FIDO2 to succeed as expected. In this poster, we focus specifically on the critical question of how well web-service developers can securely roll out WebAuthn in their own services and which issues have to be tackled to help developers in this task. The past has unfortunately shown that software developers struggle with correctly implementing or using security-critical APIs, such as TLS/SSL, password storage, or cryptographic APIs. We report here on ongoing work that investigates potential problem areas and concrete pitfalls for adopters of WebAuthn and tries to lay out a plan for how our community can help developers. We believe that raising awareness of foreseeable developer problems and calling for action to support developers early on is critical on the path to establishing FIDO2 as a de facto authentication solution.

Preferred Citation

Aftab Alam, Katharina Krombholz and Sven Bugiel. Let History not Repeat Itself (this Time) - Tackling WebAuthn Developer Issues Early On. In: ACM Conference on Computer and Communications Security (CCS). 2019.

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

CISPA Affiliation

  • No

Legacy Posted Date

2021-03-24

Open Access Type

  • Unknown

Presentation Type

  • Presentation (no conference)

BibTeX

@inproceedings{cispa_all_3386,
  title = "Let History not Repeat Itself (this Time) - Tackling WebAuthn Developer Issues Early On",
  author = "Alam, Aftab and Krombholz, Katharina and Bugiel, Sven",
  booktitle = "{ACM Conference on Computer and Communications Security (CCS)}",
  year = "2019",
}
