One of the main complaints about advanced authentication systems is usability. In FIDO2 multi-factor authentication, experts believe that platform authenticators respond to the usability challenges, but do they help the user experience? In his article for Help Net Security, Alex Grinman shares the problems that exist with FIDO2 authenticators and how they can obstruct cybersecurity for enterprises.
Universal Second Factor
Universal Second Factor (U2F) is deemed the predecessor of FIDO2. It came before laptops, mobiles, and tablets had biometric security features such as fingerprint recognition. These devices did not have secured crypto-coprocessors, usually known as Secure Enclaves or TPMs. U2F, just like FIDO2 or WebAuthn, was planned to provide swift and unphishable authentication based on strong cryptography.
FIDO2 Vs. U2F
FIDO2 has improved on several aspects compared to U2F, most notably in the platform authenticator, which efficiently solves usability problems. A platform authenticator is a virtual security key built on top of a platform such as iOS or Windows that has access to an embedded crypto-coprocessor. The user experience of FIDO2 is considerably better than its contemporaries. The browsers have secure enclaves and a biometric module to authenticate you.
Is Platform Authenticator Enterprise-Ready?
Experts believe platform authenticators to be a giant leap forward, but they are not enterprise-ready. One of the main reasons is that their keys are not portable. They can only be used on the platform for which they were created. For instance, if you have registered your essential credential on your laptop, you will not be able to access it on your other devices.
Another problem that platform authenticators pose is that they are not available for every device. For instance, Apple iMacs and non-Touch ID MacBooks are not provided with TPMs and do not support FIDO2 in the default browser. This can lead to uneven deployment and complicated enrolment flows.
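The enrolment problem described above, sketched as an added example (not code from the article): a WebAuthn registration flow that uses the platform authenticator where the device has one and falls back to a roaming security key where it does not. The device names, the `enrollmentPlan` helper and the `rp`/`user` values are hypothetical; the WebAuthn calls are the standard browser API.

```javascript
// Added example. Constructed inputs; a real challenge is issued by the server.
// Build WebAuthn creation options for one device and one account.
function buildRegistrationOptions({ platformAvailable, challenge, user, rp, registered = [] }) {
  return {
    rp, user, challenge,
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },   // ES256
      { type: "public-key", alg: -257 }, // RS256
    ],
    authenticatorSelection: {
      // Built-in authenticator where present, otherwise a roaming security key.
      authenticatorAttachment: platformAvailable ? "platform" : "cross-platform",
      userVerification: "required",
    },
    // Stops an authenticator that is already enrolled from registering again.
    excludeCredentials: registered.map((id) => ({ type: "public-key", id })),
    timeout: 60000,
  };
}

// Platform credentials stay on the device that created them, so each device
// is assessed on its own. A roaming key, once issued, can serve any device.
function enrollmentPlan(devices, credentials) {
  const hasRoamingKey = credentials.some((c) => c.attachment === "cross-platform");
  const bound = new Set(
    credentials.filter((c) => c.attachment === "platform").map((c) => c.deviceId));
  return devices.filter((d) => !bound.has(d.id)).map((d) => ({
    deviceId: d.id,
    action: d.hasPlatformAuthenticator ? "register-platform"
      : hasRoamingKey ? "use-existing-security-key" : "issue-security-key",
  }));
}

// Browser-only entry point: detect the capability, then register.
async function enroll(serverParams) {
  const platformAvailable = typeof PublicKeyCredential !== "undefined" &&
    (await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable());
  const publicKey = buildRegistrationOptions({ ...serverParams, platformAvailable });
  return navigator.credentials.create({ publicKey });
}

// Constructed fleet: one enrolled laptop, one iMac without a platform authenticator.
const sampleDevices = [
  { id: "laptop", hasPlatformAuthenticator: true },
  { id: "imac", hasPlatformAuthenticator: false },
  { id: "tablet", hasPlatformAuthenticator: true },
];
console.log(enrollmentPlan(sampleDevices, [{ attachment: "platform", deviceId: "laptop" }]));
```
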
Click on the link to read the full article: https://www.helpnetsecurity.com/2021/07/05/fido2-authenticators/