• Skipping
    • Usability (whole set of things that will not be covered in this blog post)
    • Targeted attacks / schemes that attempt to improve user-chosen secrets
    • Need to carry something that can be stolen? (no systems that have been proposed are vulnerable to this? Maybe passkey on unlocked phones?)
    • Third-party schemes (like SSO)
    • Linkability (ability for websites to collude and determine that two users are the same)
    • Session lifetime (since authentication can last a long time before the user needs to reauthenticate)
  • Key space
  • Storage (resilience to leaks)
    • Clear vs. hash vs. public key vs. TPM
  • Resistance to shoulder-surfing
  • Resistance to eavesdropping on cleartext (i.e., schemes that are replay-resistant)
  • Resistance to phishing
  • Explicit consent (passwords / PINs)
  1. User-chosen secrets (the worst)
    • Bank PINs and website passwords
  2. User-chosen secrets supplemented with a code
    • TOTP 2FA
  3. Fixed key stored with hash (kind of asymmetric!)
    • If the password is sufficiently strong, this is secure even if there is a data breach
  4. Fixed key / challenge-response stored in clear (allows for ambiguous input!)
    • Great against shoulder-surfing, but it is not secure in case of a data breach
  5. Challenge-response with asymmetric key
    • Certificate-based auth (secure against eavesdropping and data breaches)
  6. Website-variable authentication (resists phishing)
    • PwdHash (proof-of-concept browser extension)
    • Password managers
    • FIDO2 keys
    • All rely on the website domain as identified by the browser, which is no worse and usually better than human website identification.
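
What binding the secret to the browser-identified host buys you, as an added example that is not from the original post or from PwdHash: a simplified PwdHash-style derivation in which the site stores only a hash, so a password captured by a lookalike host fails at the real one. The PBKDF2 construction, work factor, master secret and URLs are assumptions made for illustration; a real tool would key on the registrable domain rather than the full host.

```python
import base64
import hashlib
import hmac
import os
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumed work factor for this sketch


def browser_host(url: str) -> str:
    """Host parsed from the URL, standing in for the browser's view of the site."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host


def site_password(master: str, url: str) -> str:
    """Derive a per-site password; the host is the salt, so sites get unrelated values."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(),
                              browser_host(url).encode(), ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode()[:24]


def enroll(password: str) -> tuple[bytes, bytes]:
    """Server side: keep only a salted hash of the per-site password."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(record: tuple[bytes, bytes], password: str) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(stored, candidate)


# Constructed inputs: example.com is the real site, the .test host is a lookalike.
MASTER = "correct horse battery staple"
REAL = "https://example.com/login"
LOOKALIKE = "https://example.com.signin.test/login"


def demo() -> dict:
    record = enroll(site_password(MASTER, REAL))
    captured = site_password(MASTER, LOOKALIKE)  # what the lookalike page receives
    return {"real_login_ok": verify(record, site_password(MASTER, REAL)),
            "captured_replay_ok": verify(record, captured)}


if __name__ == "__main__":
    print(demo())
```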

Different existing methods:

  • FIDO2 keys are the best because they combine all of these benefits, but they do rely on you maintaining possession of the key
  • TOTP codes are not phishing resistant, but they do help with shoulder-surfing
  • Push notifications are not phishing resistant. They just have more entropy than a time-based code.
  • SMS and email codes are not phishing resistant, and are susceptible to eavesdropping.
  • Magic links are phishing resistant! (But they only test for possession of the email address; they should use a fixed key and/or a certificate per user and then be signed.)
    • Shifts security to the email provider / authentication method of the email provider
  • Passkeys are just TPM-based FIDO2 keys that communicate with the browser via Bluetooth instead of USB. Passkey = multi-device FIDO key