2023
Usability Evaluation of FIDO2 on Smartphones
Passwords are the de-facto standard for user authentication, but they are hard to memorize and vulnerable to phishing/reuse attacks. Wouldn’t it be great if there was a standard way to use phishing-resistant public-key crypto for user authentication? Previous attempts suffered from poor usability, but FIDO2 and WebAuthn are promising.
We analyzed the usability of FIDO2 passwordless authentication by conducting a lab study with 87 participants. We compared platform authentication (biometric) with roaming authentication (security key) to determine the practical tradeoffs as perceived by users in a mobile scenario.
🏆 This study won a best paper award at CHI’23, the top international conference for human-computer interaction.