
Top myths about FIDO2 security keys and Passwordless access

30-01-2023

We have been getting quite a lot of questions about the security level of FIDO keys, in the light of some recent news and research papers covering potential vulnerabilities of both the protocol stack itself and the hardware of certain implementations.


There are also misconceptions about authentication implementations in which a FIDO2 key is the only component (Passwordless and similar). Although most of these questions have already been clarified by the FIDO Alliance itself and by many of its members on several occasions, in this post we cover them once more in the context of our security keys, so that our support team has something to point to when such questions come up.



Myth 1. FIDO2 keys are similar to OTP hardware (or software) tokens

Some security keys (including many Token2 models) have OTP functionality built in. This causes misunderstanding in some cases, so it is worth stating once more that, even though both are implemented on the same device, the OTP features are a separate “nice to have” and have nothing to do with the FIDO specifications. The comparison below sets FIDO security keys against OTP tokens, but what is being compared are the protocols and the risks associated with them, even though they can coexist on the same physical device.


| Factor | OTP | FIDO |
|---|---|---|
| Platform limitations | No platform dependence, widely implemented | Only browsers and systems emulating browsers; USB, NFC or BLE interface required |
| Server-side implementation | Simple; modules/libraries available for any language and framework | JavaScript (client side) plus a server-side implementation; limited modules and libraries currently available (but growing) |
| Operating principle | Shared secret | Public key cryptography |
| Phishing resistance | None (vulnerable) | Phishing resistant |



Myth 2. Passwordless makes the authentication a 1FA (one factor)

If implemented correctly, Passwordless login with FIDO2 security keys is currently the most secure user authentication method that exists in this industry.

There is still more than one factor used in Passwordless authentication, and we can illustrate the process by describing what a typical login process looks like:

  • When a user is prompted to perform a Passwordless login, he/she plugs the FIDO2 security key. Possession of a security key (not any, but the one that was previously registered with this particular authentication server) is the first factor.
  • The second step is allowing the authentication server to access the protected data stored on the security key, which is only possible once the user unlocks the key. This is what the Passwordless access method requires of your FIDO security key: if your key is not yet protected by a PIN code, the system will force you to create one upon first registration and refuse to enroll the key if you do not. Unlocking is done with a PIN code. This PIN code can be as complex as a password; it is called a PIN only to differentiate it from classic passwords (in our opinion, “unlock code” is a better term). This is your second authentication factor. Hardware keys with biometrics let you simplify PIN entry by substituting your fingerprint (but the PIN code remains as an emergency access method).

Myth 3. The FIDO keys are still vulnerable

There are several research papers describing potential vulnerabilities of FIDO security keys, which make some people trust the technology less. Here are some of them:

  • Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys (Google) [1] 
  • Side-Channel Attack on the Google Titan Security Key (NinjaLab) [2]
  • Provable Security Analysis of FIDO2 (University of Porto (FCUP) and INESC TEC) [3] 
  • Security and Trust in Open Source Security Tokens [4]
  • PIN Theft attack against FIDO2 Security keys [5]
  • Side-Channel Attack on the YubiKey 5 Series [6]
  • YubiKey FIPS applications reduced randomness [7]

 

Even though most of these papers leave room for questions and lack clarity in some aspects, we will not evaluate their outcomes here and will simply assume the vulnerabilities are there. Even with these vulnerabilities, FIDO security keys remain the most secure technology at the moment, especially when taking into account one prerequisite that is an absolute must for these attacks to succeed: the attacker needs physical access to the hardware.

In real-life practice this prerequisite is very hard to meet, and therefore the risk can be safely ignored.

References

[1] Google Security Blog, Titan Keys Update, 2019, https://security.googleblog.com/2019/05/titan-keys-update.html

[2] Roche, T., Lomné, V., Mutschler, C., & Imbert, L. (2021, August). A Side Journey To Titan. In USENIX Security Symposium (pp. 231-248).

[3] Barbosa, M., Boldyreva, A., Chen, S., & Warinschi, B. (2021). Provable security analysis of FIDO2. In Advances in Cryptology–CRYPTO 2021: 41st Annual International Cryptology Conference, CRYPTO 2021, Virtual Event, August 16–20, 2021, Proceedings, Part III 41 (pp. 125-156). Springer International Publishing.

[4] Schink, M., Wagner, A., Unterstein, F., & Heyszl, J. (2021). Security and trust in open source security tokens. IACR Transactions on Cryptographic Hardware and Embedded Systems, 176-201.

[5] Huseynov, E. (2023). PIN Theft Attack against FIDO2 Security Keys. In 3rd IFSA Winter Conference on Automation, Robotics & Communications for Industry 4.0/5.0 (ARCI' 2023) (pp. 159-161).

[6] Roche, T. (2024, September). EUCLEAK: Side-Channel Attack on the YubiKey 5 Series. NinjaLab.

[7] Yubico (2019, June). YubiKey FIPS - Security Advisory YSA-2019-02. Yubico.



Did you know?

Token2 currently offers the most secure FIDO2 keys for enterprise customers, the PIN+ Series FIDO2 keys. These keys, certified by the FIDO Alliance, enforce PIN complexity at the firmware level. This unique feature is not available with other keys, even those marked as FIPS-certified.