Casey et al., 2020
An Interoperable Architecture for Usable Password-Less Authentication
book-section
Authors
Casey, M., Manulis, M., Newton, C.J.P., Savage, R., Treharne, H.
Identifiers
Publication
Saracino and Mori, 2020, p. 16-32
Year
2020
Abstract
Passwords are the de facto standard for authentication despite their significant weaknesses. While businesses are currently focused on implementing multi-factor authentication to provide greater security, user adoption is still low. An alternative, WebAuthn, uses cryptographic key pairs to provide password-less authentication. WebAuthn has been standardised and is resilient to phishing attacks. However, its adoption is also very low; the barriers to adoption include usability and resilience of keys. We propose a novel architecture for password-less authentication designed to improve usability and deployability. Our architecture is based on the WebAuthn standards and supports registration and login to web-services. We support a WebAuthn authenticator that generates and uses the key pairs on the client device by providing resilience for these key pairs by using a backup key store in the cloud. We also propose a WebAuthn authenticator using a key store in the cloud so that password-less authentication can be used interoperably between devices. We also assess the properties of these architectures against identified threats and how they can form the basis for improving usability and lowering the technical barriers to adoption of password-less authentication.
(Casey et al., 2020, p. 16)
Links
Citation
Casey, M., Manulis, M., Newton, C.J.P., Savage, R., Treharne, H., 2020. An Interoperable Architecture for Usable Password-Less Authentication, in: Saracino, A., Mori, P. (Eds.), Emerging Technologies for Authorization and Authentication, Lecture Notes in Computer Science. Springer International Publishing, Cham, pp. 16–32. https://doi.org/10.1007/978-3-030-64455-0_2
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.