Passwordless (FIDO2) Part 2 — user review

Yu Phoebe
Yu Phoebe
Oct 14, 2019 · 3 min read
Image for post
Image for post
Photo by Headway on Unsplash

We interviewed two groups of users; our development team tested Github’s FIDO2 features and non-tech/ semi-tech users’ tested Webauthn.io. Here is our user review focusing on Passwordless (FIDO2) desktop using Chrome.

Developers’ review — Github

  1. Set up 2FA ( If the user didn’t set it up previously)
  2. Go to settings > Security > Security Keys
  3. Add security key
Image for post
Image for post
Github — set up FIDO2 authenticator ( Screen recording )
  1. Input user ID and password
  2. Show FIDO2 authenticator
Image for post
Image for post
Github — set up sign in with FIDO2 authenticator ( Screenshot )

👎 Lack of clarity. Users are required to name the device before showing the FIDO2 devices. There is an assumption that users know which FIDO2 authentication method they are going to use to set up FIDO2.

👎It’s not 100% passwordless yet. Users are still required to input password before showing FIDO2 authenticator ( FIDO2 is used as 2-step verification at the moment).

👎Not all browsers and systems support FIDO2 yet. Let’s imagine that you set up biometrics as the FIDO2 authenticator on chrome and FIDO2 is not supported by Safari then you may not have access to your account using Safari.

Users’ review — webauthn.io

We also interviewed to 6 non-tech and semi-tech users. Here’s their thoughts on using webauthn.io for the first time.

  1. Enter username
  2. Show FIDO2 authenticator
Image for post
Image for post
Enter username > Show FIDO2
  1. Enter username
  2. Show FIDO2 authenticator
Image for post
Image for post
Enter username > Show FIDO2 Biometrics

👎 New pop ups are scary. Most users have not seen this pop up before. One non-tech user finds this new pop up confusing and is not sure whether this was an advertisement pop up or a browser pop up.

👎 Undesirable Security key. Only one user has seen or used a security key before. Most users are worried about losing the security key and think it is inconvenient to keep another device.

👎 Safety concern on Biometrics. Some users are skeptical about where biometrics is stored.

👍 Convenient biometrics. Most users prefer biometrics over security key. The process is smooth and simple.

  • expect to see FIDO2 in banking services, online transactions, and work-related accounts.
  • think biometrics are for personal accounts and security key to be provided by their workplace.

Conclusion

Comparing with password, scoring out of 5 ⭐s:

Tech Readiness | ⭐⭐

Usability | ⭐⭐⭐

Convenience | ⭐⭐⭐

Feeling secured | ⭐⭐⭐⭐

FIDO2 as a passwordless method is still at a very early stage of the development process. There is definitely room to improve the usability for the users.

Hopefully more people will benefit from this technology. I’m really looking forward to it. What do you think?

Enyk Security

We help organizations of all sizes to achieve data security…

Yu Phoebe

Written by

Yu Phoebe

Product UX Designer@XD Labo | UX Testing community @ TestlaHK Organiser

Enyk Security

We help organizations of all sizes to achieve data security with encryption and access management technology

Yu Phoebe

Written by

Yu Phoebe

Product UX Designer@XD Labo | UX Testing community @ TestlaHK Organiser

Enyk Security

We help organizations of all sizes to achieve data security with encryption and access management technology

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store