Is FIDO2 Passwordless Authentication a Hype or for Real?: A Position Paper

Kemal Bicakci; Yusuf Uzunay

doi:10.1109/ISCTURKEY56345.2022.9931832

Is FIDO2 Passwordless Authentication a Hype or for Real? A Position Paper

Kemal Bicakci, Yusuf Uzunay

Informatics Institute

Securify Information Tech. and Security Training Consulting Ltd.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Citations (Scopus)

Abstract

Operating system and browser support that comes with the FIDO2 standard and the biometric user verification options increasingly available on smart phones has excited everyone, especially big tech companies, about the passwordless future. Does a dream come true, are we finally totally getting rid of passwords? In this position paper, we argue that although passwordless authentication may be preferable in certain situations, it will be still not possible to eliminate passwords on the web in the foreseeable future. We defend our position with five main reasons, supported either by the results from the recent literature or by our own technical and business experience. We believe our discussion could also serve as a research agenda comprising promising future work directions on (passwordless) user authentication.

Original language	English
Title of host publication	15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings
Editors	Ferruh Ozbudak, Seref Sagiroglu, Ali Aydin Selcuk
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	68-73
Number of pages	6
ISBN (Electronic)	9781665456036
DOIs	https://doi.org/10.1109/ISCTURKEY56345.2022.9931832
Publication status	Published - 2022
Event	15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Ankara, Turkey Duration: 19 Oct 2022 → 20 Oct 2022

Publication series

Name	15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings

Conference

Conference	15th International Conference on Information Security and Cryptography, ISCTURKEY 2022
Country/Territory	Turkey
City	Ankara
Period	19/10/22 → 20/10/22

Bibliographical note

Publisher Copyright:
© 2022 IEEE.

Funding

This research is funded by TUBITAK (The Scientific and Technological Research Council of Turkey) under the grants No: 3211046 and No:3200184.

Funders	Funder number
Türkiye Bilimsel ve Teknolojik Araştırma Kurumu	3211046

Keywords

authentication
passwords
security
standards
usable security

Access to Document

10.1109/ISCTURKEY56345.2022.9931832

Cite this

Bicakci, K., & Uzunay, Y. (2022). Is FIDO2 Passwordless Authentication a Hype or for Real? A Position Paper. In F. Ozbudak, S. Sagiroglu, & A. A. Selcuk (Eds.), 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings (pp. 68-73). (15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISCTURKEY56345.2022.9931832

Bicakci, Kemal ; Uzunay, Yusuf. / Is FIDO2 Passwordless Authentication a Hype or for Real? A Position Paper. 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings. editor / Ferruh Ozbudak ; Seref Sagiroglu ; Ali Aydin Selcuk. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 68-73 (15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings).

@inproceedings{7cf4134519d74d6aa99cfcdcd124f870,

title = "Is FIDO2 Passwordless Authentication a Hype or for Real?: A Position Paper",

abstract = "Operating system and browser support that comes with the FIDO2 standard and the biometric user verification options increasingly available on smart phones has excited everyone, especially big tech companies, about the passwordless future. Does a dream come true, are we finally totally getting rid of passwords? In this position paper, we argue that although passwordless authentication may be preferable in certain situations, it will be still not possible to eliminate passwords on the web in the foreseeable future. We defend our position with five main reasons, supported either by the results from the recent literature or by our own technical and business experience. We believe our discussion could also serve as a research agenda comprising promising future work directions on (passwordless) user authentication.",

keywords = "authentication, passwords, security, standards, usable security",

author = "Kemal Bicakci and Yusuf Uzunay",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 ; Conference date: 19-10-2022 Through 20-10-2022",

year = "2022",

doi = "10.1109/ISCTURKEY56345.2022.9931832",

language = "English",

series = "15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "68--73",

editor = "Ferruh Ozbudak and Seref Sagiroglu and Selcuk, {Ali Aydin}",

booktitle = "15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings",

address = "United States",

}

Bicakci, K & Uzunay, Y 2022, Is FIDO2 Passwordless Authentication a Hype or for Real? A Position Paper. in F Ozbudak, S Sagiroglu & AA Selcuk (eds), 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings. 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 68-73, 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022, Ankara, Turkey, 19/10/22. https://doi.org/10.1109/ISCTURKEY56345.2022.9931832

Is FIDO2 Passwordless Authentication a Hype or for Real? A Position Paper. / Bicakci, Kemal; Uzunay, Yusuf.
15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings. ed. / Ferruh Ozbudak; Seref Sagiroglu; Ali Aydin Selcuk. Institute of Electrical and Electronics Engineers Inc., 2022. p. 68-73 (15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Is FIDO2 Passwordless Authentication a Hype or for Real?

T2 - 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022

AU - Bicakci, Kemal

AU - Uzunay, Yusuf

PY - 2022

Y1 - 2022

N2 - Operating system and browser support that comes with the FIDO2 standard and the biometric user verification options increasingly available on smart phones has excited everyone, especially big tech companies, about the passwordless future. Does a dream come true, are we finally totally getting rid of passwords? In this position paper, we argue that although passwordless authentication may be preferable in certain situations, it will be still not possible to eliminate passwords on the web in the foreseeable future. We defend our position with five main reasons, supported either by the results from the recent literature or by our own technical and business experience. We believe our discussion could also serve as a research agenda comprising promising future work directions on (passwordless) user authentication.

AB - Operating system and browser support that comes with the FIDO2 standard and the biometric user verification options increasingly available on smart phones has excited everyone, especially big tech companies, about the passwordless future. Does a dream come true, are we finally totally getting rid of passwords? In this position paper, we argue that although passwordless authentication may be preferable in certain situations, it will be still not possible to eliminate passwords on the web in the foreseeable future. We defend our position with five main reasons, supported either by the results from the recent literature or by our own technical and business experience. We believe our discussion could also serve as a research agenda comprising promising future work directions on (passwordless) user authentication.

KW - authentication

KW - passwords

KW - security

KW - standards

KW - usable security

UR - http://www.scopus.com/inward/record.url?scp=85142842790&partnerID=8YFLogxK

U2 - 10.1109/ISCTURKEY56345.2022.9931832

DO - 10.1109/ISCTURKEY56345.2022.9931832

M3 - Conference contribution

AN - SCOPUS:85142842790

T3 - 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings

SP - 68

EP - 73

BT - 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings

A2 - Ozbudak, Ferruh

A2 - Sagiroglu, Seref

A2 - Selcuk, Ali Aydin

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 19 October 2022 through 20 October 2022

ER -

Bicakci K, Uzunay Y. Is FIDO2 Passwordless Authentication a Hype or for Real? A Position Paper. In Ozbudak F, Sagiroglu S, Selcuk AA, editors, 15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2022. p. 68-73. (15th International Conference on Information Security and Cryptography, ISCTURKEY 2022 - Proceedings). doi: 10.1109/ISCTURKEY56345.2022.9931832