ASP.NET Core 5.0 - Users Without Passswords Project

The UWPP research project implements FIDO UAF, also known as WebAuthn instead of passwords. The user registers with a FIDO2 authenticator like a usb security key or Windows Hello.

Fast IDentification Online

  

Universal Authentication Framework

FIDO UAF supports a passwordless experience. With FIDO UAF, the user carries a device with a FIDO UAF stack installed. They can then register their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. The FIDO UAF protocol allows the service to select which mechanisms are presented to the user.

The user must possess at least one FIDO2 authenticator to register and log in. Windows Hello implements authentication with an IR webcam for facial recognition, a fingerprint scanner, or just by setting up and using a PIN. See Learn about Windows Hello and set it up. The registration and login processes involve strict communication protocols between the server, browser, authenticator, and user. The project supports multiple authenticators and authenticator usage history.