A Qualitative Study of Adoption Barriers and Challenges for Passwordless Authentication in German Public Administrations
CHI Conference on Human Factors in Computing Systems (CHI ’25), April 26–May 01, 2025
Abstract
Public administrations provide critical services and manage sensitive data for a country’s citizens. Recent phishing campaigns targeting public sector employees highlight their attractiveness as targets. Deploying state-of-the-art authentication technologies,such as FIDO2, can improve overall security.
We conducted a mixed-methods study in Germany to understand better the practices and challenges of deploying passwordless authentication in the public sector. First, we conducted an online survey (N=108) among German public sector employees to gain insights into their experiences and challenges. Next, we partnered with an e-government vendor and performed an in-situ experiment. We let 11 employees from the public sector experience FIDO2 under real-world conditions. Our results show that only a minority of our participants were aware of current passwordless authentication procedures. In our experiment, FIDO2-based methods left an overall positive impression. Hierarchical and heterogeneous public sector structures and the need for more technical expertise and equipment were barriers to adoption.
Reference
@inproceedings{conf/chi/holtgrave25,
author = {Jan-Ulrich Holtgrave and
Sabrina Klivan and
Karola Marky and
Sascha Fahl},
booktitle = {CHI Conference on Human Factors in Computing Systems (CHI ’25), April 26–May 01, 2025},
month = {May},
publisher = {ACM},
title = {A Qualitative Study of Adoption Barriers and Challenges for Passwordless Authentication in German Public Administrations},
url = {https://doi.org/10.1145/3706598.3713252},
year = {2025}
}