A IMPLEMENTATION OF USING PASSWORDLESS ON OPENID CONNECT PROTOCOL
Abstract
The increasing proliferation of applications and their concurrent or multi-provider development complicates users' digital experience, necessitating the memorization of numerous digital IDs to access various web applications. This leads to frequent issues with forgotten usernames or passwords. Despite the development of Single Sign-On (SSO) protocols that allow access to multiple applications with a single ID, the need to remember passwords remains a significant challenge. This research aims to design and develop a passwordless authentication system based on the OpenID Connect protocol to enhance security and user convenience in accessing information systems. Additionally, the study explores the operational impact of this system to evaluate its effectiveness and implications for information system access. This research presents a solution to password-related challenges and enhances authentication security by enabling access to multiple applications with a single ID, using private keys and authenticating via QR code scans through a mobile application. This approach elevates authentication reliability to Authenticator Assurance Level 3 (AAL3) and enhances user convenience, representing an advancement over the existing OpenID Connect protocol standards for information system access.
License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.