CISPA
Browse
sec24summer-prepub-618-lassak.pdf (330.87 kB)

Why Aren’t We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication

Download (330.87 kB)
conference contribution
posted on 2024-03-22, 12:02 authored by Leona Lassak, Elleen Pan, Blase Ur, Maximilian Golla
When adopted by the W3C in 2019, the FIDO2 standard for passwordless authentication was touted as a replacement for passwords on the web. With FIDO2, users leverage passkeys (cryptographic credentials) to authenticate to websites. Even though major operating systems now support passkeys, compatible hardware is now widely available, and some major companies now offer passwordless options, both the deployment and adoption have been slow. As FIDO2 has many security and usability advantages over passwords, we investigate what obstacles hinder companies from large-scale deployment of passwordless authentication. We conducted 28 semi-structured interviews with chief information security officers (CISOs) and authentication managers from both companies that have and have not deployed passwordless authentication, as well as FIDO2 experts. Our results shed light on the current state of deployment and perception. We highlight key barriers to adoption, including account recovery, friction, technical issues, regulatory requirements, and security culture. From the obstacles identified, we make recommendations for increasing the adoption of passwordless authentication.

History

Primary Research Area

  • Empirical and Behavioral Security

Name of Conference

Usenix Security Symposium (USENIX-Security)

Journal

USENIX Security Symposium

Publisher

USENIX

BibTeX

@conference{Lassak:Pan:Ur:Golla:2024, title = "Why Aren’t We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication", author = "Lassak, Leona" AND "Pan, Elleen" AND "Ur, Blase" AND "Golla, Maximilian", year = 2024, month = 8, journal = "USENIX Security Symposium", publisher = "USENIX" }

Usage metrics

    Categories

    No categories selected

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC