Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Keep on rating – on the systematic rating and comparison of authentication schemes

Keep on rating – on the systematic rating and comparison of authentication schemes Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.Design/methodology/approachThis paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.FindingsThe rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.Research limitations/implicationsWhile the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.Originality/valueThe results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information & Computer Security Emerald Publishing

Keep on rating – on the systematic rating and comparison of authentication schemes

Download PDF
15 pages

Loading next page...
 
/lp/emerald-publishing/keep-on-rating-on-the-systematic-rating-and-comparison-of-V07J8USSJv
Publisher
Emerald Publishing
Copyright
© Emerald Publishing Limited
ISSN
2056-4961
DOI
10.1108/ics-01-2019-0020
Publisher site
See Article on Publisher Site

Abstract

Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.Design/methodology/approachThis paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.FindingsThe rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.Research limitations/implicationsWhile the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.Originality/valueThe results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.

Journal

Information & Computer SecurityEmerald Publishing

Published: Oct 23, 2019

Keywords: Password; Rating; ACCESS; Authentication scheme; Objective features; Subjective Perceptions

References

  • Making passwords secure and usable
    Adams, A.; Sasse, M.A.; Lunt, P.
  • Biometric authentication on iPhone and android: usability, perceptions, and influences on adoption
    Bhagavatula, C.; Ur, B.; Iacovino, K.; Kywe, S.M.; Cranor, L.F.; Savvides, M.
  • The quest to replace passwords: a framework for comparative evaluation of web authentication schemes
    Bonneau, J.; Herley, C.; van Oorschot, P.C.; Stajano, F.
  • An administrator’s guide to internet password research
    Florêncio, D.; Herley, C.; Van Oorschot, P.C.
  • Using and managing multiple passwords: a week to a view
    Grawemeyer, B.; Johnson, H.
  • Question-and-answer passwords: an empirical evaluation
    Haga, W.J.; Zviran, M.
  • Factors affecting perception of information security and their impacts on IT adoption and security practices
    Huang, D-l.; Rau, P.-L.P.; Salvendy, G.; Gao, F.; Zhou, J.
  • An experimental comparison of secret-based user authentication technologies
    Irakleous, I.; Furnell, S.M.; Dowland, P.S.; Papadaki, M.
  • Supporting decision makers in choosing suitable authentication schemes
    Mayer, P.; Neumann, S.; Storck, D.; Volkamer, M.
  • ACCESSv2: a collaborative authentication research and decision support platform
    Mayer, P.; Stumpf, P.; Weber, T.; Volkamer, M.
  • CRONTO
  • Retina
  • ACCESS: describing and contrasting
    Renaud, K.; Volkamer, M.; Maguire, J.
  • Quantifying the security of graphical passwords: the case of android unlock patterns
    Uellenbeck, S.; Dürmuth, M.; Wolf, C.; Holz, T.
  • I added ‘!’at the end to make it secure: observing password creation in the lab
    Ur, B.; Noma, F.; Bees, J.; Segreti, S.M.; Shay, R.; Bauer, L.; Cranor, L.F.
  • Understanding password choices: how frequently entered passwords are re-used across websites
    Wash, R.; Rader, E.; Berman, R.; Wellmer, Z.
  • PhotoTAN mit orientierungsmarkierungen.svg
  • The quest to replace passwords revisited – rating authentication schemes
    Zimmermann, V.; Gerber, N.; Kleboth, M.; von Preuschen, A.; Schmidt, K.; Mayer, P.
  • If it wasn’t secure, they would not use it in the movies–security perceptions and user acceptance of authentication technologies
    Zimmermann, V.; Gerber, N.