Session Abstract: FIDO2 aims to become the de facto global standard for strong passwordless authentication within the next two to five years. For this to happen, FIDO2 needs to be widely adopted by organizations across industry sectors. Compared with other popular MFA methods (push notifications, OTPs, and others), FIDO2 can still be perceived as complex. Its security depends largely on reliable implementation, deployment, and maintenance by all parties involved (i.e., on the authenticator, client, and server sides). Moreover, some of FIDO2's design decisions make numerous enterprise use cases hard or even impossible to address.
In this practical session, we discuss the challenges of adopting FIDO2 in enterprises. We also present the results of a global non-profit academic research study of FIDO2 integration and adoption, conducted by Macquarie University. The researchers draw their conclusions from responses collected from more than 100 cybersecurity professionals over 12 months. Furthermore, we discuss the key pain points related to FIDO2 adoption and propose ways to address them.