Secure Authentication for Web and Mobile Apps
Authentication to Internet services is still typically performed with static passwords, which are cumbersome for users and an attractive target for attackers. Fortunately, with U2F, UAF, WebAuthn, etc., a number of initiatives for more secure and/or convenient authentication are on the horizon. However, different types of client applications (desktop vs. mobile; Web app vs. progressive Web app vs. hybrid app vs. native app) offer different hardware and software capabilities (e.g. fingerprint reader, USB token, secure hardware; iOS vs. Android). This makes the development of universal authentication solutions difficult.
The task of this thesis is a systematic analysis of the current state of the art in authentication for different application types. Furthermore, a universal authentication framework for multiple authentication methods and application scenarios shall be developed in order to ease software development and increase usability.