Abstract
With the adoption of FIDO2 (Fast IDentity Online 2) and passkeys for passwordless authentication, balancing security and usability in account recovery and credential migration has become critical for enterprises. Traditional FIDO2 recovery solutions - which often depend on third-party cloud providers (e.g., Google Cloud backups, Apple iCloud Keychain synchronization) - introduce security risks, such as downgrade attacks, or impose usability and cost burdens, making them less suitable for corporate environments. This paper presents a peer-assisted FIDO2 passkey recovery approach that enhances security while maintaining user-friendly deployment. By leveraging peer-assisted key splitting and encrypted storage, the method eliminates reliance on external cloud providers, ensures compliance with FIDO2 standards, and provides resilience against eventual server compromise and unauthorized recovery attempts. The proposed solution is evaluated using the usability-deployability-security framework, demonstrating that it offers a scalable, secure, and user-friendly alternative to existing recovery mechanisms. This approach strengthens enterprise adoption of FIDO2 by improving both security resilience and usability in account recovery.
| Original language | English |
|---|---|
| Pages (from-to) | 150415-150425 |
| Number of pages | 11 |
| Journal | IEEE Access |
| Volume | 13 |
| DOIs | |
| Publication status | Published - 2025 |
Bibliographical note
Publisher Copyright: © 2013 IEEE.
Keywords
- Account recovery
- FIDO2
- authentication
- device change
- enterprise security
- passkeys