TY  - CHAP
U1  - Konferenzveröffentlichung
A1  - Wiefling, Stephan
A1  - Dürmuth, Markus
A1  - Lo Iacono, Luigi
T1  - More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication
T2  - 36th Annual Computer Security Applications Conference (ACSAC '20). December 07-11, 2020
N2  - Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.
We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users' perception of RBA and helps to improve RBA implementations for a broader user acceptance.
KW  - Risk-based Authentication
KW  - Authentication
KW  - Two-factor Authentication
KW  - Usable Security
KW  - Password
UN  - https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-50707
UR  - https://riskbasedauthentication.org/usability/perceptions/
SN  - 978-1-4503-8858-0
SB  - 978-1-4503-8858-0
U6  - https://doi.org/10.1145/3427228.3427243
DO  - https://doi.org/10.1145/3427228.3427243
AX  - 2010.00339
SP  - 203
EP  - 218
PB  - ACM
ER  -