QRAuth: A Secure and Accessible Web Authentication Alternative to FIDO2

QRAuth: A Secure and Accessible Web Authentication Alternative to FIDO2

연구 분야: Analysis

학회: 2023 16th International Conference on Information Security and Cryptology (ISCTürkiye)

A recently popular alternative being proposed to password-based web authentication is FIDO2 standard. Although phishing-resistant password-less authentication with FIDO2 is a step in the right direction, it falls short in numerous usability and accessibility aspects. FIDO2 protocols requiring specific hardware and software devices that must be "FIDO certified" could prevent it from reaching a wide audience. Furthermore, end-users’ perception, acceptance, and usability concerns can potentially hinder widespread adoption. As an answer to these shortcomings, we present a QR-Code-based authentication protocol that offers the same security guarantees of public key cryptography coupled with more accessible infrastructure that can be easily integrated into existing systems.