TL;DR
This study compares platform and roaming FIDO2 authentication methods on smartphones, revealing user preferences, acceptance levels, and barriers to adoption in real-world mobile scenarios.
Contribution
First lab study comparing platform and roaming FIDO2 authentication on smartphones, highlighting user perceptions and practical adoption barriers.
Findings
Most users willing to adopt passwordless authentication
Users prioritize usability, security, and availability differently by account type
Barriers include lack of support for delegation and multi-device use
Abstract
Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple…
