Challenges with Passwordless FIDO2 in an Enterprise Setting: A Usability Study
Michal Kepkowski, Maciej Machulak, Ian Wood, Dali Kaafar

TL;DR
This study examines the usability challenges of implementing FIDO2 passwordless authentication in enterprise environments, highlighting key issues like account recovery and integration complexities based on professional user feedback.
Contribution
It provides empirical insights into enterprise-specific challenges with FIDO2, emphasizing practical issues like account recovery and legacy system integration.
Findings
Over 60% of professionals cited account recovery as a major challenge.
Identified gaps in FIDO2 integration for remote workforce and legacy systems.
Highlighted need for improved solutions in enterprise deployment.
Abstract
Fast Identity Online 2 (FIDO2), a modern authentication protocol, is gaining popularity as a default strong authentication mechanism. It has been recognized as a leading candidate to overcome limitations (e.g., it is phishing resistant) of existing authentication solutions. However, the task of deprecating weak methods such as password-based authentication is not trivial and requires a comprehensive approach. While security, privacy, and end-user usability of FIDO2 have been addressed in both academic and industry literature, the difficulties associated with its integration with production environments, such as solution completeness or edge-case support, have received little attention. In particular, complex environments such as enterprise identity management pose unique challenges for any authentication system. In this paper, we identify challenging enterprise identity lifecycle use…
Taxonomy
Topics: User Authentication and Security Systems · Privacy, Security, and Data Protection · Information and Cyber Security
