
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

  • Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well. We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users' perception of RBA and helps to improve RBA implementations for a broader user acceptance.

Metadata
Document Type: Conference Object
Language: English
Author: Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono
Parent Title (English): 36th Annual Computer Security Applications Conference (ACSAC '20). December 07-11, 2020
First Page: 203
Last Page: 218
ISBN: 978-1-4503-8858-0
URN: urn:nbn:de:hbz:1044-opus-50707
URL: https://riskbasedauthentication.org/usability/perceptions/
DOI: https://doi.org/10.1145/3427228.3427243
ArXiv Id: http://arxiv.org/abs/2010.00339
Publisher: ACM
Publishing Institution: Hochschule Bonn-Rhein-Sieg
Date of first publication: 2020/10/01
Copyright: © 2020 Copyright held by the owner/author(s). This is the author’s version of the work. It is posted here for your personal use. Not for redistribution.
Funding: This research was supported by the research training group “Human Centered Systems Security” (NERD.NRW) sponsored by the state of North Rhine-Westphalia.
Keywords: Authentication; Password; Risk-based Authentication; Two-factor Authentication; Usable Security
Departments, institutes and facilities: Fachbereich Informatik
Institut für Cyber Security & Privacy (ICSP)
Projects: URIA - Usability of Risk-based Implicit Authentication
Dewey Decimal Classification (DDC): 0 Computer science, information and general works / 00 Computer science, knowledge, systems / 005 Computer programming, programs, data
Entry in this database: 2020/10/06
Licence (Multiple languages): In Copyright (Urheberrechtsschutz)