Wiefling et al., 2020
- David Doret
Type | Conference Article |
|---|---|
Conference | ACSAC 2020 |
Title | More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication |
Authors | Wiefling, S., Dürmuth, M., Iacono, L.L. |
Year | 2020 |
Harvard | Wiefling, S., Dürmuth, M., Iacono, L.L., 2020. More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication. Presented at the ACSAC 2020, Austin, TX, USA, p. 16. |
Links | https://riskbasedauthentication.org/download/rba-perceptions-paper.pdf |
Abstract
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.
We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users’ perception of RBA and helps to improve RBA implementations for a broader user acceptance.
(Wiefling et al., 2020, p. 1)
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.
