1. Overview
- Function Name: Passwordless Authentication
- Introduction Background
- Passwordless Authentication is introduced to address the security weaknesses of the existing ID/PW-based authentication and to improve the user authentication experience.
- Target System: SHIELD ID Authentication Platform
- Applicable Subjects: Users holding a SHIELD ID account to whom the relevant authentication policy applies.
- Main Delivery Method
2. Authentication Method
2.1 FIDO2 WebAuthn
- Function Purpose
- Support logging in to SHIELD ID without a password by performing **identity verification through registered authentication devices (security key or biometric information)**.
- Enhancing security and improving user authentication experience
- Scope of Application
| Item | Content |
|---|---|
| Authentication Target | Users who have registered a FIDO2 device among those registered with SHIELD ID. |
| Support Device | Windows Hello (PIN or fingerprint recognition), Yubikey (security key), etc. |
- Device Registration Workflow
Registration must be carried out in the Edge browser; after registration, authentication can be used freely in either the Edge or Chrome browser.
- Authentication of SHIELD ID is performed using a password method.
- The user is asked whether to set up a Passwordless authentication device according to the policy.
- The user selects either the "Do it later" (나중에 하기) or the "Settings" (설정) option.
- Do it later
- Since the ID/PW input has been completed, the authentication succeeds at that time, but the same registration query window appears during the next SHIELD ID authentication. Checking the "Do not show again today" (오늘 하루 보지 않기) checkbox prevents the window from appearing for one day.
- Settings
- It will proceed with flow 4.
- Register a passkey through Windows Hello or a security key in the Edge browser.
- Restrictions: If registered in Chrome, the passkey is saved in Google Password Manager and cannot be used in Edge.
- (Optional) By registering Windows Hello (PIN or fingerprint) in advance, you can log in more quickly and conveniently during authentication.
- Once the passkey registration is complete, a notification window will appear to inform the user that the setup is complete.
- The user will be subject to Passwordless authentication starting from the next authentication.
- On registration failure: the "Reset (register again)" (재설정 (다시 등록)) or "Do it later" (나중에 하기) option is provided.
- Reset: Proceeds with the registration again.
- Do it later: The authentication is successful as above, but a re-registration request is mandatory for the next authentication.
- Device authentication operation flow
- The user performs SHIELD ID authentication.
- **Passwordless authentication is prioritized.** The user is asked for Passwordless authentication.
- The user can press the "Log in with another method" (다른 방법으로 로그인) button at the bottom of the screen to switch to the Password authentication method.
- Conversely, on the Password input screen, the user can press the "Authenticate with a security key or biometric program" (보안 키 또는 생체 인식 프로그램으로 인증) button to switch back to the Passwordless method.
- Users perform authentication according to the window provided by the browser based on the registered device.
- When multiple registrations exist, the user selects the authentication method.
- A notification window indicating that the authentication has been successfully completed will be provided, and the authentication will be completed.
- On authentication failure
- The user must retry or authenticate by logging in with another method.
- There are two representative cases in which authentication is treated as a failure.
- The user presses the "Cancel" (취소) button.
- The authentication time has expired.
- The browser and platform authenticator use their own defaults.
- Although the official specifications or documents do not have fixed numbers, it can be estimated as follows based on actual measurements and various data.
| Environment | Default timeout (estimated value) | Basis and Explanation |
|---|---|---|
| Chrome (Windows Hello) | About 60 seconds | Chromium-based testing and FIDO Forum standards |
| Edge (Windows Hello) | About 60 seconds | Microsoft Community Feedback Guidelines |
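
The two failure cases above (cancel and timeout) as they look to page script calling WebAuthn. This is an added example, not SHIELD ID's own code: the function names, the explicit 60000 ms timeout and the injected `credentials` object are assumptions. Browsers report both cases with the same `NotAllowedError`, so elapsed time is used as a heuristic to tell them apart.

```javascript
// Added example, not SHIELD ID code. Function names, the 60000 ms value and
// the injected `credentials`/`now` parameters are assumptions for illustration.

// Build the options passed to navigator.credentials.get(). Setting `timeout`
// (milliseconds) explicitly avoids depending on each browser's own default.
function buildRequestOptions(challenge, credentialIds, timeoutMs = 60000) {
  return {
    publicKey: {
      challenge, // random bytes issued by the server for this attempt
      timeout: timeoutMs, // a hint; the browser may still adjust it
      userVerification: "preferred",
      allowCredentials: credentialIds.map((id) => ({ type: "public-key", id })),
    },
  };
}

// Both "user pressed Cancel" and "ceremony timed out" surface as
// NotAllowedError. Comparing elapsed time with the requested timeout is a
// heuristic only, because the browser does not say which one happened.
function classifyFailure(err, elapsedMs, timeoutMs) {
  if (err && err.name === "AbortError") return "aborted";
  if (err && err.name === "NotAllowedError") {
    return elapsedMs >= timeoutMs ? "timeout" : "cancelled";
  }
  return "error";
}

// Run one authentication attempt. `credentials` is navigator.credentials in a
// browser; `now` is injectable so the logic can be exercised without one.
async function authenticate(credentials, options, now = Date.now) {
  const started = now();
  try {
    const assertion = await credentials.get(options);
    return { ok: true, assertion }; // send to the server for verification
  } catch (err) {
    const timeoutMs = options.publicKey.timeout;
    const reason = classifyFailure(err, now() - started, timeoutMs);
    // Either failure leaves the same choices: retry, or log in another way.
    return { ok: false, reason, next: ["retry", "other-method"] };
  }
}
```

The `reason` value is suitable for logging and UI wording only; the server must still treat any attempt without a verified assertion as unauthenticated.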