FIDO2

The woes of Password-less authentication

Password-less authentication is actively pushed as the future of authentication. Where's the catch?

Björn Weström

8 minute read

I have followed the development of secure tokens with great interest. In the early days, tokens such as RSA SecurID couldn’t do much more than give you six digits once per minute. But since those six digits were generated in a very secure manner thanks to cryptographic algorithms, they were an effective additional authentication token. This authentication token is referred to as a one-time password (OTP), since the token only exists for a limited time and will not be accepted for logins…