QRAuth: A Secure and Accessible Web Authentication Alternative to FIDO2

Kemal Bicakci*, Ahmet Drobi

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

A recently popular alternative being proposed to password-based web authentication is FIDO2 standard. Although phishing-resistant password-less authentication with FIDO2 is a step in the right direction, it falls short in numerous usability and accessibility aspects. FIDO2 protocols requiring specific hardware and software devices that must be "FIDO certified"could prevent it from reaching a wide audience. Furthermore, end-users' perception, acceptance, and usability concerns can potentially hinder widespread adoption. As an answer to these shortcomings, we present a QR-Code-based authentication protocol that offers the same security guarantees of public key cryptography coupled with more accessible infrastructure that can be easily integrated into existing systems.

Original languageEnglish
Title of host publication16th International Conference on Information Security and Cryptology, ISCTURKEY 2023 - Proceedings
EditorsAli Aydin Selcuk, Oguz Yayla, Seref Sagiroglu, Cihangir Tezcan
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9798350393996
DOIs
Publication statusPublished - 2023
Event16th International Conference on Information Security and Cryptology, ISCTURKEY 2023 - Ankara, Turkey
Duration: 18 Oct 202319 Oct 2023

Publication series

Name16th International Conference on Information Security and Cryptology, ISCTURKEY 2023 - Proceedings

Conference

Conference16th International Conference on Information Security and Cryptology, ISCTURKEY 2023
Country/TerritoryTurkey
CityAnkara
Period18/10/2319/10/23

Bibliographical note

Publisher Copyright:
© 2023 IEEE.

Keywords

  • authentication protocol
  • FIDO2
  • passwordless authentication
  • public-key cryptography
  • user authentication

Fingerprint

Dive into the research topics of 'QRAuth: A Secure and Accessible Web Authentication Alternative to FIDO2'. Together they form a unique fingerprint.

Cite this