More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA have not been studied well. We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users' perception of RBA and helps to improve RBA implementations for a broader user acceptance.
