Discover and read the best of Twitter Threads about #WebAuthn

Most recents (2)

Happy to share our latest research on #FIDO2 password-less authentication using biometric #WebAuthn, with Leona Lassak, Annika Hildebrandt, and Blase Ur.

Preprint at bottom of thread. Paper to appear at @USENIXSecurity 2021. cc: @FIDOAlliance #usesec21

news.rub.de/english/press-…
Users hate passwords; #WebAuthn could render them obsolete. But hardware security keys (YubiKeys) are inconvenient. Fortunately, end users can also use their phones as #FIDO2 authenticators. The user authorizes each sign in using their usual unlock mechanism (biometric, PIN).
Using your fingerprint to sign into a website is new to most end users. Our research focused on users' initial encounters with biometric WebAuthn. Many will encounter WebAuthn for the first time via a small notification on a website encouraging them to adopt the technology.
Read 12 tweets
Okay, here’s the deal with Security Keys and #phishing, because even some experts don’t really get it. HT @boblord and @runasand for the idea 1/
IN THE BEGINNING, God created passwords. If you knew your password, you could sign in; if you didn’t, the door remained locked. Simple! 2/
Unfortunately, phishers realized that if *they* knew your password, they too could sign in. Relying on a single “knowledge factor” meant if they could make you enter your pwd on their fake login page, they were home scot free. 3/
Read 20 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!