Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SoK: Web Authentication in the Age of End-to-End Encryption

Jenny Blessing, Daniel Hugenroth, Ross J. Anderson, Alastair R. Beresford

TL;DR

The paper analyzes the intersection of end-to-end encryption and web authentication, focusing on how to achieve secure, private, and usable login and recovery experiences. It surveys primary (passwords, device-bound, social recovery, recovery keys, manual recovery) and secondary authentication mechanisms and studies passkey deployment on the top websites, as well as recovery mechanisms in E2EE storage services. It finds a shift toward device-bound credentials and cloud-backed recovery, but existing recoverability options remain limited and inconsistent, particularly in E2EE contexts. It offers concrete research directions to close gaps between industry practice and academic understanding, emphasizing diversified recovery paths and better user understanding of E2EE recovery.

Abstract

The advent of end-to-end encrypted (E2EE) messaging and backup services has brought new challenges for usable authentication. Compared to regular web services, the nature of E2EE implies that the provider cannot recover data for users who have forgotten passwords or lost devices. Therefore, new forms of robustness and recoverability are required, leading to a plethora of solutions ranging from randomly-generated recovery codes to threshold-based social verification. These implications also spread to new forms of authentication and legacy web services: passwordless authentication ("passkeys") has become a promising candidate to replace passwords altogether, but are inherently device-bound. However, users expect that they can login from multiple devices and recover their passwords in case of device loss--prompting providers to sync credentials to cloud storage using E2EE, resulting in the very same authentication challenges of regular E2EE services. Hence, E2EE authentication quickly becomes relevant not only for a niche group of dedicated E2EE enthusiasts but for the general public using the passwordless authentication techniques promoted by their device vendors. In this paper we systematize existing research literature and industry practice relating to security, privacy, usability, and recoverability of E2EE authentication. We investigate authentication and recovery schemes in all widely-used E2EE web services and survey passwordless authentication deployment in the top-200 most popular websites. Finally, we present concrete research directions based on observed gaps between industry deployment and academic literature.

SoK: Web Authentication in the Age of End-to-End Encryption

TL;DR

The paper analyzes the intersection of end-to-end encryption and web authentication, focusing on how to achieve secure, private, and usable login and recovery experiences. It surveys primary (passwords, device-bound, social recovery, recovery keys, manual recovery) and secondary authentication mechanisms and studies passkey deployment on the top websites, as well as recovery mechanisms in E2EE storage services. It finds a shift toward device-bound credentials and cloud-backed recovery, but existing recoverability options remain limited and inconsistent, particularly in E2EE contexts. It offers concrete research directions to close gaps between industry practice and academic understanding, emphasizing diversified recovery paths and better user understanding of E2EE recovery.

Abstract

The advent of end-to-end encrypted (E2EE) messaging and backup services has brought new challenges for usable authentication. Compared to regular web services, the nature of E2EE implies that the provider cannot recover data for users who have forgotten passwords or lost devices. Therefore, new forms of robustness and recoverability are required, leading to a plethora of solutions ranging from randomly-generated recovery codes to threshold-based social verification. These implications also spread to new forms of authentication and legacy web services: passwordless authentication ("passkeys") has become a promising candidate to replace passwords altogether, but are inherently device-bound. However, users expect that they can login from multiple devices and recover their passwords in case of device loss--prompting providers to sync credentials to cloud storage using E2EE, resulting in the very same authentication challenges of regular E2EE services. Hence, E2EE authentication quickly becomes relevant not only for a niche group of dedicated E2EE enthusiasts but for the general public using the passwordless authentication techniques promoted by their device vendors. In this paper we systematize existing research literature and industry practice relating to security, privacy, usability, and recoverability of E2EE authentication. We investigate authentication and recovery schemes in all widely-used E2EE web services and survey passwordless authentication deployment in the top-200 most popular websites. Finally, we present concrete research directions based on observed gaps between industry deployment and academic literature.

Paper Structure

This paper contains 37 sections, 2 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Authentication Frameworks
  4. Measuring Industry Deployments
  5. The State of Web Authentication and Recovery
  6. Primary Authentication Mechanisms
  7. Passwords
  8. Device-Bound Credentials
  9. Social Authentication
  10. Long-Term Recovery Key
  11. Manual Recovery
  12. Secondary Authentication Mechanisms
  13. Passkey Deployment
  14. Methodology
  15. Passkey Availability
  16. ...and 22 more sections

Figures (2)

  • Figure 1: Passkey authentication flows: (a) standard authentication using a passkey on a mobile phone; (b) backup-eligible passkey (multi-device credential) is synchronized to a new device using an E2EE cloud backup service; (c) multi-device credential using the device-bound key extension to distinguish individual devices; (d) cross-device authentication on a laptop via Bluetooth.
  • Figure 2: Literature survey of academic work on real-world authentication schemes.