TY - CHAP U1 - Konferenzveröffentlichung A1 - Kunke, Johannes A1 - Wiefling, Stephan A1 - Ullmann, Markus A1 - Lo Iacono, Luigi T1 - Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication T2 - Roßnagel, Schunck et al. (Eds.): Open Identity Summit 2021 (OID '21), Lyngby, Denmark, June 1st and 2nd, 2021 N2 - Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other things, on how user accounts can be recovered when the security token becomes permanently unavailable. For this reason, we provide a heuristic evaluation of 12 account recovery mechanisms regarding their properties for FIDO2 passwordless authentication. Our results show that the currently used methods have many drawbacks. Some even rely on passwords, taking passwordless authentication ad absurdum. Still, our evaluation identifies promising account recovery solutions and provides recommendations for further studies. U6 - https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-54904 UN - https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-54904 UR - https://oid2021.compute.dtu.dk/ SN - 978-3-88579-706-7 SB - 978-3-88579-706-7 AX - 2105.12477 SP - 59 EP - 70 PB - Gesellschaft für Informatik e.V. CY - Bonn ER -