Related papers: Verifiable Passkey: The Decentralized Authenticati…
Phishing attacks remain one of the most prevalent threats to online security, with the Anti-Phishing Working Group reporting over 890,000 attacks in Q3 2025 alone. Traditional password-based authentication is particularly vulnerable to such…
With passkeys, the FIDO Alliance introduces the ability to sync FIDO2 credentials across a user's devices through passkey providers. This aims to mitigate user concerns about losing their devices and promotes the shift toward password-less…
Passkeys -- discoverable WebAuthn credentials synchronised across devices are widely promoted as the future of passwordless authentication. Built on the FIDO2 standard, they eliminate shared secrets and resist phishing while offering…
Passwordless authentication was first tested for seamless and secure merchant payments without the use of passwords or pins. It opened a whole new world of authentications giving up the former reliance on traditional passwords. It relied on…
Fast Identity Online 2 (FIDO2), a modern authentication protocol, is gaining popularity as a default strong authentication mechanism. It has been recognized as a leading candidate to overcome limitations (e.g., it is phishing resistant) of…
Password-authenticated identities, where users establish username-password pairs with individual servers and use them later on for authentication, is the most widespread user authentication method over the Internet. Although they are…
Operating system and browser support that comes with the FIDO2 standard and the biometric user verification options increasingly available on smart phones has excited everyone, especially big tech companies, about the passwordless future.…
Web authentication is a critical component of today's Internet and the digital world we interact with. The FIDO2 protocol enables users to leverage common devices to easily authenticate to online services in both mobile and desktop…
Authentication systems have evolved a lot since the 1960s when Fernando Corbato first proposed the password-based authentication. In 2013, the FIDO Alliance proposed using secure hardware for authentication, thus marking a milestone in the…
Unequivocally, a single man in possession of a strong password is not enough to solve the issue of security. Studies indicate that passwords have been subjected to various attacks, regardless of the applied protection mechanisms due to the…
FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this…
With challenges and limitations associated with security in the fintech industry, the rise to the need for data protection increases. However, the current existing passwordless and password-based peer to peer transactions in online banking…
This paper presents a timing attack on the FIDO2 (Fast IDentity Online) authentication protocol that allows attackers to link user accounts stored in vulnerable authenticators, a serious privacy concern. FIDO2 is a new standard specified by…
With the rise of sophisticated authentication bypass techniques, passwords are no longer considered a reliable method for securing authentication systems. In recent years, new authentication technologies have shifted from traditional…
Single sign-on (SSO) systems, such as OpenID and OAuth, allow web sites, so-called relying parties (RPs), to delegate user authentication to identity providers (IdPs), such as Facebook or Google. These systems are very popular, as they…
Authentication with username and password is becoming an inconvenient process for the user. End users typically have little control over their personal privacy, and data breaches effecting millions of users have already happened several…
Most of the security services in the connected world of cyber-physical systems necessitate authenticating a large number of nodes privately. In this paper, the private authentication problem is considered which consists of a certificate…
Single sign-on (SSO) allows a user to maintain only the credential for an identity provider (IdP) to log into multiple relying parties (RPs). However, SSO introduces privacy threats, as (a) a curious IdP could track a user's all visits to…
Security systems demand continuous, cryptograph- ically robust identity verification without requiring subjects to carry physical tokens, smart cards, or dedicated hardware authenticators. This paper presents BIDO (Biometric Identity…
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens…