DE
ctp
cto
ct2
mtc
ctl
ctts
ct1
jct
scr
ctb
HomepageContributorsLinks / Books

Friday, May 22, 2026

Awareness: 2FA — From Passwords to Passkeys

CrypTool-Online
General News

The CrypTool project has released a new app that compares three authentication methods:

  • Username/password
  • Time-based One-Time Passwords (TOTP)
  • Passkeys

Today, the clear recommendation is to use passkeys. The app therefore supports the recommendations of major security institutions such as BSI, ANSSI, NCSC, CISA, NIST, and ENISA.

However, the app goes beyond explanations and recommendations. Users can try out the authentication methods themselves and see how they can be attacked. In addition, the app provides detailed guidance on what to do if a key is lost.

Conclusion: Both TOTP and passkeys are significantly more secure than password-only authentication. Passkeys provide the best protection, especially against phishing attacks.

The app was developed as part of a master’s thesis, for which the student was also nominated for an IHK award. After an extensive code review, the CrypTool project integrated the implementation into the production version of CrypTool-Online.

Posted by:
Berhard Esslinger
Imprint Contact us Privacy GitHub
Forschungsinstitut CODE, Universität der Bundeswehr München
© 1998 - 2026 CrypTool Contributors