Open in app

Sign in

Write

Sign in

Passwordless (FIDO2) Part 2 — user review

Yu Phoebe
Niomon Engineering
Published in
3 min readOct 14, 2019
Photo by Headway on Unsplash

We interviewed two groups of users; our development team tested Github’s FIDO2 features and non-tech/ semi-tech users’ tested Webauthn.io. Here is our user review focusing on Passwordless (FIDO2) desktop using Chrome.

Developers’ review — Github

Github — set up FIDO2 authenticator

  1. Set up 2FA ( If the user didn’t set it up previously)
  2. Go to settings > Security > Security Keys
  3. Add security key
Github — set up FIDO2 authenticator ( Screen recording )

Github — sign in with FIDO2 authenticator

  1. Input user ID and password
  2. Show FIDO2 authenticator
Github — set up sign in with FIDO2 authenticator ( Screenshot )

Github FIDO2 pain points

👎 Lack of clarity. Users are required to name the device before showing the FIDO2 devices. There is an assumption that users know which FIDO2 authentication method they are going to use to set up FIDO2.

👎It’s not 100% passwordless yet. Users are still required to input password before showing FIDO2 authenticator ( FIDO2 is used as 2-step verification at the moment).

👎Not all browsers and systems support FIDO2 yet. Let’s imagine that you set up biometrics as the FIDO2 authenticator on chrome and FIDO2 is not supported by Safari then you may not have access to your account using Safari.

Users’ review — webauthn.io

We also interviewed to 6 non-tech and semi-tech users. Here’s their thoughts on using webauthn.io for the first time.

Webauthn.io — set up FIDO2 authenticator

  1. Enter username
  2. Show FIDO2 authenticator
Enter username > Show FIDO2

Webauthn.io — sign in with FIDO2 authenticator

  1. Enter username
  2. Show FIDO2 authenticator
Enter username > Show FIDO2 Biometrics

Pain points

👎 New pop ups are scary. Most users have not seen this pop up before. One non-tech user finds this new pop up confusing and is not sure whether this was an advertisement pop up or a browser pop up.

👎 Undesirable Security key. Only one user has seen or used a security key before. Most users are worried about losing the security key and think it is inconvenient to keep another device.

👎 Safety concern on Biometrics. Some users are skeptical about where biometrics is stored.

Likes

👍 Convenient biometrics. Most users prefer biometrics over security key. The process is smooth and simple.

Most users …

  • expect to see FIDO2 in banking services, online transactions, and work-related accounts.
  • think biometrics are for personal accounts and security key to be provided by their workplace.

Conclusion

Comparing with password, scoring out of 5 ⭐s:

Tech Readiness | ⭐⭐

Usability | ⭐⭐⭐

Convenience | ⭐⭐⭐

Feeling secured | ⭐⭐⭐⭐

FIDO2 as a passwordless method is still at a very early stage of the development process. There is definitely room to improve the usability for the users.

Hopefully more people will benefit from this technology. I’m really looking forward to it. What do you think?

Security
Passwordless
UX Design
Fido2
Authentication

--

--

Yu Phoebe
Niomon Engineering

Written by Yu Phoebe

5 Followers
Writer for

Product UX Designer | Colearning community organiser @Colearnla | UX Testing community organiser@ TestlaHK

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams