FIDO2 is a fairly new standard for multi-factor and passwordless authentication. It is based on the idea of using an authenticator device for proof of ownership to verify an identity. Although the concept is considered secure, the overall security depends on the proper implementation of the protocols on both the authenticator and the web server. The goal of this master's thesis is to further examine the FIDO2 protocols and authenticator implementations. A possible outcome could be an automated tool to verify authenticator implementations. Further ideas in that direction are welcome.
This master project is suitable for anybody who is curious about new web technologies and likes to develop software. If you are interested in this topic or have any questions, please contact the supervisors.