Costs and benefits of authentication advice

08/13/2020
by Hazel Murray, et al.

When it comes to passwords, conflicting advice can be found everywhere. Different sources give different types of advice related to authentication. In this paper such advice is studied. First, using a sample collection of authentication advice, we observe that different organizations' advice is often contradictory and at odds with current research. We highlight the difficulties organizations and users have when determining which advice is worth following. Consequently, we develop a model for identifying costs of advice. Our model incorporates factors that affect organizations and users, including, for example, usability aspects. Similarly, we model the security benefits brought by such advice. We then apply these models to our taxonomy of advice to indicate the potential effectiveness of the security recommendations. We find that organizations experience fewer costs than users as a result of authentication policies. Reassuringly, the advice our model has classified as good or bad is in line with the NIST 2017 digital authentication guidelines.
