Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication
- Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other things, on how user accounts can be recovered when the security token becomes permanently unavailable. For this reason, we provide a heuristic evaluation of 12 account recovery mechanisms regarding their properties for FIDO2 passwordless authentication. Our results show that the currently used methods have many drawbacks. Some even rely on passwords, taking passwordless authentication ad absurdum. Still, our evaluation identifies promising account recovery solutions and provides recommendations for further studies.
Download full text files
CC BY-SA 4.0
Additional Services
Statistics
| Document Type: | Conference Object |
|---|---|
| Language: | English |
| Author: | Johannes Kunke, Stephan WieflingORCiD, Markus Ullmann, Luigi Lo Iacono |
| Parent Title (English): | Roßnagel, Schunck et al. (Eds.): Open Identity Summit 2021 (OID '21), Lyngby, Denmark, June 1st and 2nd, 2021 |
| First Page: | 59 |
| Last Page: | 70 |
| ISBN: | 978-3-88579-706-7 |
| URN: | urn:nbn:de:hbz:1044-opus-54904 |
| URL: | https://oid2021.compute.dtu.dk/ |
| Handle: | https://dl.gi.de/handle/20.500.12116/36502 |
| ArXiv Id: | http://arxiv.org/abs/2105.12477 |
| Publisher: | Gesellschaft für Informatik e.V. |
| Place of publication: | Bonn |
| Publishing Institution: | Hochschule Bonn-Rhein-Sieg |
| Date of first publication: | 2021/05/20 |
| Departments, institutes and facilities: | Fachbereich Informatik |
| Institut für Cyber Security & Privacy (ICSP) | |
| Dewey Decimal Classification (DDC): | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 005 Computerprogrammierung, Programme, Daten |
| Entry in this database: | 2021/05/19 |
| Licence (German): |  Creative Commons - CC BY-SA - Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International |
