/
Authentication Friction

Authentication Friction

Owned by David Doret, created
Last updated: 13-15-2022
2 min read

Authentication Friction

dictionary-term

[ 1 Alternative Forms ] [ 2 Definition ] [ 2.1 Sample Sentences ] [ 2.2 Conceptual Diagram ] [ 3 Related Terms ] [ 4 Bibliography ] [ 5 See Also ]

Alternative Forms

  • Authentication Burden

  • Friction

Definition

The Authentication Friction is the total cost (time, effort, money) required on the part of a user to authenticate to a service.

Authentication Friction is a component of what Beautement et al., 2008 call the user’s Compliance Budget. This model states that the primary goal of the user is to accomplish business tasks with the service. Any friction point that interferes with this primary goal is a cost that consumes the user’s Compliance Budget, until the threshold where the user’s cost/benefit perception becomes negative. At this point, the user may change behavior, e.g. opt for a less secure configuration, subscribe to an alternative service, etc.

Friction points comprise:

  • Memory effort to remind passwords,

  • License cost and usage of a password management solution,

  • Manipulations of a physical token or authentication application (incl. typing in PIN, biometric procedure, copying or remembering OTP, etc.)

  • CAPTCHAs or similar questions,

  • Biometric procedures (touch, speak, look, type, etc.),

  • Thinking through complex or unclear authentication processes,

  • Authentication reset procedures (incl. password reset),

  • Waiting time,

  • etc.

Note - Authentication Friction comes from a metaphorical usage of the term friction from the physical sciences. Friction designates the force of resistance of sliding (or rolling) solid objects on fixed solid objects. The analogy is that the user is the sliding object, and the service is the fixed object. The sliding object/user needs to advance some distance against the force of resistance of the fixed object/authentication process to gain access to the service. The adequacy of this analogy is debatable because the coefficient of friction, in physics, is μ=F/L, where F is the ratio of friction and L the load. Thus, the sliding object’s load is really a key variable whereas, when considering authentication, it is rather the load of the authentication process on the user that is of primary interest. (Encyclopedia Britannica, Friction, accessed 8 March 2022)

Sample Sentences

Bob was using the Acme online service. By default, MFA was enabled. But the second factor was a real pain from a user experience’s perspective: you had to memorize a 6 digit code and type it in to get a new code, then append that code to your password… So Bob disabled the MFA feature in his profile configuration. Eve, the infamous hacker, seized this opportunity to compromise Bob’s account. All of this could have been avoided if the authentication friction of this service had been lower.

Conceptual Diagram

Related Terms

  • Friction

  • Friction Point

  • User Experience

Bibliography

See Also

Related content

Beautement et al., 2008
Beautement et al., 2008
Bibliography
Read with this
NIST IR 7983, 2014
NIST IR 7983, 2014
Bibliography
More like this
Continuous Authentication
Continuous Authentication
Dictionary
More like this
Behavior Based Continuous Authentication
Behavior Based Continuous Authentication
Dictionary
More like this
Authentication (Dictionary Entry)
Authentication (Dictionary Entry)
Dictionary
More like this
Risk-Based Authentication (Dictionary Entry)
Risk-Based Authentication (Dictionary Entry)
Dictionary
More like this

Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.

This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.