The use of passwords for user authentication has significant shortcomings. As society becomes more dependent on the internet and web services, we need to find a replacement authentication method that users are willing to use. WebAuthn is one potential technology for password replacement. Recent studies have shown that users enjoy the usability of WebAuthn and hardware tokens as a password replacement but don't want to carry them around. Meanwhile, little to no research involves the use of software tokens. I carried out a user study of WebAuthn and roaming software tokens when used as a password replacement. We were able to learn if the shortcoming of WebAuthn and hardware tokens were remedied by the use of smart phones as software tokens. Software tokens have similiar usability to hardware tokens and are more usable than passwords. Users continued fearing loss of access to their account when using software tokens. Users were less worried about carrying an extra device but replaced that fear with the fear of a dead battery or a broken phone.
College and Department
Physical and Mathematical Sciences; Computer Science
BYU ScholarsArchive Citation
Rasmussen, Brian, "A Usability Study of FIDO2 Roaming Software Tokens as a Password Replacement" (2021). Theses and Dissertations. 9227.