Verify It's You: How Users Perceive Risk-based Authentication
- Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication. We identify pitfalls and provide guidelines for putting RBA into practice.
Document Type: | Article |
---|---|
Language: | English |
Author: | Stephan WieflingORCiD, Markus Dürmuth, Luigi Lo Iacono |
Parent Title (English): | IEEE Security & Privacy |
Volume: | 19 |
Issue: | 6 |
First Page: | 47 |
Last Page: | 57 |
ISSN: | 1540-7993 |
URN: | urn:nbn:de:hbz:1044-opus-54912 |
DOI: | https://doi.org/10.1109/MSEC.2021.3077954 |
Publisher: | IEEE |
Publishing Institution: | Hochschule Bonn-Rhein-Sieg |
Date of first publication: | 2021/05/27 |
Copyright: | © 2021 IEEE. Personal use of this material is permitted. |
Funding: | This research was supported by the Human Centered Systems Security (NERD.NRW) research training group and was sponsored by the state of North Rhine-Westphalia. |
Departments, institutes and facilities: | Fachbereich Informatik |
Institut für Cyber Security & Privacy (ICSP) | |
Projects: | URIA - Usability of Risk-based Implicit Authentication |
Dewey Decimal Classification (DDC): | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 005 Computerprogrammierung, Programme, Daten |
Entry in this database: | 2021/05/19 |
Licence (Multiple languages): | In Copyright (Urheberrechtsschutz) |