Conference paper

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication


Author list: Wiefling, Stephan; Dürmuth, Markus; Lo Iacono, Luigi

Published in: Proceedings, 36th annual Computer Security Applications Conference

Year of publication: 2020

eISBN: 978-1-4503-8858-0

DOI link: https://doi.org/10.1145/3427228.3427243

Conference: 36th Annual Computer Security Applications Conference (ACSAC '20)


Abstract
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.
We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users’ perception of RBA and helps to improve RBA implementations for a broader user acceptance.



Citation styles

Harvard citation style: Wiefling, S., Dürmuth, M. and Lo Iacono, L. (2020) More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication, in Proceedings, 36th annual Computer Security Applications Conference. New York, NY: Association for Computing Machinery. https://doi.org/10.1145/3427228.3427243

APA citation style: Wiefling, S., Dürmuth, M., & Lo Iacono, L. (2020). More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication. In Proceedings, 36th annual Computer Security Applications Conference. Association for Computing Machinery. https://doi.org/10.1145/3427228.3427243


Last updated 2025-05-08 at 12:32