Authentication Friction

Authentication Friction

dictionary-term

Alternative Forms

  • Authentication Burden

  • Friction

Definition

The Authentication Friction is the total cost (time, effort, money) required on the part of a user to authenticate to a service.

Authentication Friction is a component of what Beautement et al., 2008 call the user’s Compliance Budget. This model states that the primary goal of the user is to accomplish business tasks with the service. Any friction point that interferes with this primary goal is a cost that consumes the user’s Compliance Budget, until the threshold where the user’s cost/benefit perception becomes negative. At this point, the user may change behavior, e.g. opt for a less secure configuration, subscribe to an alternative service, etc.

Friction points comprise:

  • Memory effort to remind passwords,

  • License cost and usage of a password management solution,

  • Manipulations of a physical token or authentication application (incl. typing in PIN, biometric procedure, copying or remembering OTP, etc.)

  • CAPTCHAs or similar questions,

  • Biometric procedures (touch, speak, look, type, etc.),

  • Thinking through complex or unclear authentication processes,

  • Authentication reset procedures (incl. password reset),

  • Waiting time,

  • etc.

Note - Authentication Friction comes from a metaphorical usage of the term friction from the physical sciences. Friction designates the force of resistance of sliding (or rolling) solid objects on fixed solid objects. The analogy is that the user is the sliding object, and the service is the fixed object. The sliding object/user needs to advance some distance against the force of resistance of the fixed object/authentication process to gain access to the service. The adequacy of this analogy is debatable because the coefficient of friction, in physics, is μ=F/L, where F is the ratio of friction and L the load. Thus, the sliding object’s load is really a key variable whereas, when considering authentication, it is rather the load of the authentication process on the user that is of primary interest. (Encyclopedia Britannica, Friction, accessed 8 March 2022)

Sample Sentences

Bob was using the Acme online service. By default, MFA was enabled. But the second factor was a real pain from a user experience’s perspective: you had to memorize a 6 digit code and type it in to get a new code, then append that code to your password… So Bob disabled the MFA feature in his profile configuration. Eve, the infamous hacker, seized this opportunity to compromise Bob’s account. All of this could have been avoided if the authentication friction of this service had been lower.

Conceptual Diagram

Related Terms

  • Friction

  • Friction Point

  • User Experience

Bibliography

See Also


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.