More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA have not been studied well. We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users' perception of RBA and helps to improve RBA implementations for a broader user acceptance.


