Passwordless (FIDO2) Part 3 — UX Design challenges

Yu Phoebe
Nov 19, 2019

Background

Problem with passwords — Simple passwords are hacker friendly, while complicated passwords are not user friendly because users forget them.

FIDO2 authenticators = a passwordless way to access accounts in web browsers

  • Investigate FIDO2’s readiness as a passwordless authentication method.

FIDO2 authenticators (hardware)

FIDO2 authenticators can be built-in biometrics (desktop and mobile) and hardware security keys (NFC, Bluetooth U2F).

  • Not all FIDO2 authenticators work with all devices, e.g. some U2F keys cannot be plugged into an iPhone.

Design challenges

Cross device challenge — If users only set up the desktop fingerprint, they won’t be able to access their account when they try to sign in from their mobile devices.

  • How might we design a simple and strong authentication method that is universal for pairing up with any devices?

FIDO2 browser adoption schedule

  • Development readiness — Different browsers have different development schedules, and not all FIDO2 authenticators are supported by all browsers/OS (Chrome, Edge, Firefox, Opera and Safari).

Design challenge

Cross browser challenge — Different browsers support different authenticators. For example, if Chrome supports security keys but Safari doesn’t, users cannot access their account.

  • How might we design an experience that is accessible for all browsers?
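One way to keep users from getting stuck in the cross device and cross browser cases above is to work out, before prompting, whether any registered authenticator can actually be used from the current browser. The sketch below is an added example, not code from the original post; `detectClient`, `signInPlan`, the `localCredentialIds` hint (credential ids remembered in this browser at enrolment) and the sample accounts are all assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical, not a FIDO2 library API.
// Credential ids are strings for readability; the real WebAuthn API takes bytes.

// Probe the current browser. Outside a browser PublicKeyCredential is undefined.
// No browser API reports roaming transports, so the caller supplies that guess.
async function detectClient(roamingTransports = [], localCredentialIds = []) {
  const pkc = globalThis.PublicKeyCredential;
  let platform = false;
  if (pkc && typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
    platform = await pkc.isUserVerifyingPlatformAuthenticatorAvailable().catch(() => false);
  }
  return { webauthn: Boolean(pkc), platform, roamingTransports, localCredentialIds };
}

// Decide what to offer before calling navigator.credentials.get().
function signInPlan(registered, client) {
  const fallback = (reason) => ({ method: "fallback", reason, allowCredentials: [] });
  if (!client.webauthn) return fallback("browser-lacks-webauthn");
  const usable = registered.filter((cred) => {
    if (cred.transports.includes("internal")) {
      // Built-in biometrics only work on the device where they were enrolled.
      return client.platform && client.localCredentialIds.includes(cred.id);
    }
    return cred.transports.some((t) => client.roamingTransports.includes(t));
  });
  if (usable.length === 0) return fallback("no-usable-authenticator");
  return {
    method: "webauthn",
    reason: null,
    allowCredentials: usable.map((c) => ({ type: "public-key", id: c.id, transports: c.transports })),
  };
}

// Constructed sample data: one account with only a desktop fingerprint,
// one that also enrolled a USB security key.
const fingerprintOnly = [{ id: "desktop-fingerprint", transports: ["internal"] }];
const withUsbKey = [...fingerprintOnly, { id: "usb-key", transports: ["usb"] }];
const desktop = { webauthn: true, platform: true, roamingTransports: ["usb"],
                  localCredentialIds: ["desktop-fingerprint"] };
const phone = { webauthn: true, platform: true, roamingTransports: ["nfc"], localCredentialIds: [] };

console.log(signInPlan(fingerprintOnly, desktop).method);
console.log(signInPlan(fingerprintOnly, phone).reason);
```

A `fallback` result is the point where the site routes the user to whatever universal method it still supports, such as the password or an account recovery flow, instead of showing a FIDO2 prompt that cannot succeed.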

FIDO2 authentication flow


Design challenges

Just as users forget passwords, there is a chance that they will lose their FIDO2 authenticator or change to a new device.

  • How might we design a frictionless account recovery experience for FIDO2 users?

Conclusion

During this passwordless transition period, FIDO2 may be used as a second factor, mainly because the password is universal and can be used in any browser and OS. It also takes time for users to understand and adopt new authentication methods.

If we can address the major challenge:

  • How might we design a frictionless passwordless experience?

We can expect to see more users using FIDO2 as their preferred authenticator in the future.
