Passwords are the most wide-spread authentication method for Web or mobile services. However, there are also highly insecure and are a very common attack vector. Alternative solutions do exist for many years, but are still not widely deployed. However, with new technologies like FIDO, WebAuthN, Windows Hello plus built-in security devices like fingerprint readers and TPM finally password-less authentication is within grasp.
The task of this thesis is to analyse the current state of password-less authentication, evaluate the best solution for the use-case of authentication to UiO services, and implement a demonstration implementation.