Verifiable Passkey: The Decentralized Authentication Standard
- URL: http://arxiv.org/abs/2512.21663v1
- Date: Thu, 25 Dec 2025 13:06:52 GMT
- Authors: Aditya Mitra, Sibi Chakkaravarthy Sethuraman
- Abstract summary: FIDO2 Passkeys is one of the most widely adopted standards of passwordless authentication. This paper introduces a novel standard 'Verifiable Passkey' that allows the user to use Passkeys created for a Verifiable Credential issuer across any platform without risking privacy or user tracking.
- Score: 0.18416014644193066
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Passwordless authentication has revolutionized the way we authenticate across various websites and services. FIDO2 Passkeys is one of the most widely adopted standards of passwordless authentication that promises phishing resistance. However, like any other authentication system, passkeys require the user details to be saved on a centralized server, also known as the Relying Party (RP) Server. This has led users to create a new passkey for every new online account. While this just works for a limited number of online accounts, the limited storage space of secure storage modules like a TPM or a physical security key limits the number of passkeys a user can have. For example, the Yubico YubiKey 5 (firmware 5.0 - 5.6) can store only 25 passkeys, while firmware 5.7+ can store up to 100 [1]. To overcome this problem, one of the widely adopted approaches is to use Federated Authentication with Single Sign-On (SSO). This allows the user to create a passkey for the Identity Provider (IdP) and use the IdP to authenticate to all service providers. This proves to be a significant privacy risk since the IdP can potentially track users across different services. To overcome these limitations, this paper introduces a novel standard 'Verifiable Passkey' that allows the user to use Passkeys created for a Verifiable Credential issuer across any platform without risking privacy or user tracking.
Related papers
- State of Passkey Authentication in the Wild: A Census of the Top 100K sites [1.5822425915135876]
Passkeys are discoverable WebAuthn credentials synchronised across devices.
Major vendors have integrated passkeys into operating systems and browsers.
Yet the true extent of adoption across the broader web remains unknown.
arXiv Detail & Related papers (2026-02-16T19:28:55Z)
- Binding Agent ID: Unleashing the Power of AI Agents with accountability and credibility [46.323590135279126]
BAID (Binding Agent ID) is a comprehensive identity infrastructure establishing verifiable user-code binding.
We implement and evaluate a complete prototype system, demonstrating the practical feasibility of blockchain-based identity management and zkVM-based authentication protocol.
arXiv Detail & Related papers (2025-12-19T13:01:54Z)
- An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites [46.750111141477646]
We perform the first systematic analysis of 111 password update processes deployed on top-ranked websites.
Websites deploy highly diverse, often complex, confusing password update processes and lack the support of password managers.
We give recommendations for web developers, the web standardization community, and security researchers.
arXiv Detail & Related papers (2025-11-13T09:18:07Z)
- How Blind and Low-Vision Users Manage Their Passwords [58.76726339294067]
This paper investigates how Blind and Low-Vision (BLV) users tackle password management.
We found that all participants utilize password managers to some extent, which they perceive as fairly accessible.
The security advantages - generating strong, random passwords - were avoided mainly due to the absence of practical accessibility.
arXiv Detail & Related papers (2025-10-15T13:33:45Z)
- The Passwordless Authentication with Passkey Technology from an Implementation Perspective [0.5249805590164902]
New authentication technologies have shifted from traditional password-based logins to passwordless security.
This paper highlights the key techniques used during the implementation of the authentication system with Passkey technology.
arXiv Detail & Related papers (2025-08-16T06:17:59Z)
- SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH [11.865671333047658]
Passwords remain the dominant mode of SSH authentication, despite their well known flaws such as phishing and reuse.
WebAuthn is a modern authentication standard designed to replace passwords, managing keys on behalf of the user.
We propose a framework to integrate WebAuthn with SSH servers, by using UNIX pluggable authentication modules (PAM)
arXiv Detail & Related papers (2025-07-11T21:13:09Z)
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities.
This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users.
An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
- Device-Bound vs. Synced Credentials: A Comparative Evaluation of Passkey Authentication [0.0]
With passkeys, the FIDO Alliance introduces the ability to sync FIDO2 credentials across a user's devices through passkey providers.
This aims to mitigate user concerns about losing their devices and promotes the shift toward password-less authentication.
We show how credential syncing has also created a debate among experts about their security guarantees.
arXiv Detail & Related papers (2025-01-13T15:00:18Z)
- EAP-FIDO: A Novel EAP Method for Using FIDO2 Credentials for Network Authentication [43.91777308855348]
EAP-FIDO allows organisations with WPA2/3-Enterprise wireless networks or MACSec-enabled wired networks to leverage FIDO2's passwordless authentication.
We provide a comprehensive security and performance analysis to support the feasibility of this approach.
arXiv Detail & Related papers (2024-12-04T12:35:30Z)
- Systematic Solutions to Login and Authentication Security Problems: A Dual-Password Login-Authentication Mechanism [0.0]
Credential theft and remote attacks are the most serious threats to user authentication mechanisms.
We design a dual-password login-authentication mechanism, where a user-selected secret-free login password is converted into an untypable authentication password.
The authenticatable functionality of the login password and the typable functionality of the authentication password can be disabled or invalidated to prevent credential theft and remote attacks.
arXiv Detail & Related papers (2024-04-02T10:05:47Z)
- A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol.
We develop a prototype of FIDO2CAP authentication in a mock scenario.
This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
arXiv Detail & Related papers (2024-02-20T09:55:20Z)
- ROSTAM: A Passwordless Web Single Sign-on Solution Mitigating Server Breaches and Integrating Credential Manager and Federated Identity Systems [0.0]
We envision a passwordless future which provides a frictionless and trustworthy online experience for users by integrating credential management and federated identity systems.
In this regard, our implementation ROSTAM offers a dashboard that presents all applications the user can access with a single click after a passwordless SSO.
The security of web passwords on the credential manager is ensured with a Master Key, rather than a Master Password, so that encrypted passwords can remain secure even if stolen from the server.
arXiv Detail & Related papers (2023-10-08T16:41:04Z)
- Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z)
This list is automatically generated from the titles and abstracts of the papers in this site.