Electrotechnical and Computer Engineering
Vol. 41 No. 02 (2026): Proceedings of the Faculty of Technical Sciences
Implementation of Authentication Using the FIDO2 Standard
Abstract
This paper addresses the design, implementation, and analysis of a web application that utilizes the FIDO2 standard as a replacement for traditional passwords. Through a theoretical overview, prototype development, and attack simulations, the work demonstrates the practical application and security resilience of a passwordless authentication system, offering insight into its superiority over password-based systems.