Remote WebAuthn: FIDO2 Authentication for Less Accessible Devices

Nowadays, passwords are the prevalent authentication mechanism, even though it is proven to offer insufficient protection against cyber crime. Thus, FIDO2 was released with a more secure authentication mechanism. FIDO2 enables authentification with cryptographic hardware, such as USB sticks, NFC cards or in the smartphone integrated chips. A device with FIDO2 support is required to implement the whole FIDO2 stack and offer the required interfaces for the security hardware. However, many systems like for example Smart TVs can not make use of FIDO2 due to the lack of HW interfaces or the usage of outdated software. To overcome this, we present Remote WebAuthn, which enables secure authentification on such restricted devices through a remote authentication from a secondary, FIDO2 compatible device, such as a smartphone. We evaluate our approach to have better usability compared to FIDO2 while maintaining most security advantages.