Passwordless authentication with FIDO2
There is now an alternative to the familiar method of password-based authentication. To make it more difficult for attackers to obtain information through malware or so-called "social engineering" attacks, specialists have developed passwordless authentication based on the FIDO2 standard. FIDO2 offers modern authentication based on hardware and software tokens. However, the standard does not describe how this technology should be integrated into existing authentication frameworks and into an organisation's processes. This gap led to a DTLab project in which students of the Master's programme in IT Security at HM Hochschule München University of Applied Sciences Munich cooperated with the IT department of the City of Munich. They developed a sample application based on a "microservice" architecture that shows how FIDO2 can work in combination with OpenID Connect, an authentication system for web-based services.