FIDO2 authentication is starting to be applied in numerous web authentication services, aiming to replace passwords and their known vulnerabilities. However, this new authentication method has not yet been integrated with network authentication systems. In this paper, we introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. Our proposal describes a novel protocol for captive-portal network authentication using FIDO2 authenticators, such as security keys and passkeys. To validate our proposal, we have developed a prototype of FIDO2CAP authentication in a mock scenario. Using this prototype, we performed a usability experiment with 15 real users. This work makes the first systematic approach to adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.