You still use the password after all: Exploring FIDO2 Security Keys


“You still use the password after all”: Exploring FIDO2 Security Keys in a Small Company. Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Dürmuth. Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020).


SLIDE 1

Exploring FIDO2 Security Keys in a Small Company

“You still use the password after all”

Florian M. Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, and Markus Dürmuth

Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)

SLIDE 2

WEB AUTHENTICATION VIA PASSWORDS

Username + Password Webserver

SLIDE 3

PHISHING OF PASSWORDS

Username + Password Attacker Phishing Identity Theft

SLIDE 4

FIDO2 → REPLACING PASSWORDS

FIDO2 Authenticator Webserver Phishing

SLIDE 5

FIDO2 “PASSWORDLESS” SETUP

User Presence / Verification Authenticator Relying Party Client

SLIDE 6

STUDY

Study Environment Participants Implementation

  • Optional FIDO2 login
  • Software company
  • Life sciences sector
  • 8 employees
  • Sales, developers, managers

SLIDE 7

STUDY PROTOCOL

4 Weeks Workshop Interview

SLIDE 8

SECURITY AND PURPOSE

“It’s more secure because no password needs to be transmitted, the key is used [...] to sign in.” – P6

“It is okay [to use the key] for stuff like online banking [...] not for Facebook or email” – P6

SLIDE 9

ADOPTION BARRIERS

“I just entered the password because I am used to it.” – P7

“Well, if I forget or lose it, I couldn’t get into my account” – P3

SLIDE 10

AUTHENTICATION TIMINGS

[Figure: authentication time in seconds (axis: Time (s), 10 to 50) for three login methods: Security key, Browser auto-fill, Manual logins]

SLIDE 11

CONTACT

Florian Farke
Mobile Security Group, Ruhr University Bochum
florian.farke@rub.de