FIDO2 & Passkeys

"Passwords are dead!"

This statement has appeared in the media several times over the past ten years. The reason is clear: people are not only bad at coming up with unique, secure passwords, but they also struggle to remember them. This problem has been known to IT security research for some time.

As a result, there have been various efforts in the past to reduce the significance of passwords in securing online accounts. One of these approaches is the now somewhat common two-factor authentication, where a second factor is required in addition to a password for login. This means that attackers in possession of a stolen password cannot easily log in to the affected online account.

A significantly different approach, however, goes by the names FIDO2 and Passkeys. It aims not only to reduce the importance of secure passwords but also to make secure, passwordless authentication possible in the future. Although this is a promising standard with broad support from the IT industry, these passwordless methods currently hold little relevance in most people's everyday lives.

Against this backdrop, we are exploring the questions of what deters people from using FIDO2 or Passkeys and how the technology should evolve to increase acceptance among the general population.

Project Lead: Daniel Rotter

Period: 2024–2026