The password is dead, long live the password – A laboratory study on user perceptions of authentication schemes

Zimmermann, Verena; Gerber, Nina

doi:10.1016/j.ijhcs.2019.08.006

Cited by 62 publications

(75 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In relation to Reese et al we can also confirm that the code-based 2FA SUS scores are lower than those of password-only authentication. The results also reflect findings of Zimmermann and Gerber [52] regarding that password-only authentication received high ratings in terms of usability.…”

Section: User Acceptance and Sus (U1 U2supporting

confidence: 84%

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Wiefling

Dürmuth

Iacono³

2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users' perception of RBA and helps to improve RBA implementations for a broader user acceptance. CCS CONCEPTS• Security and privacy → Authentication; Usability in security and privacy.

show abstract

Section: User Acceptance and Sus (U1 U2supporting

confidence: 84%

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Wiefling

Dürmuth

Iacono³

2020

Annual Computer Security Applications Conference

View full text Add to dashboard Cite

show abstract

“…Most users prefer passwords over alternative authentication mechanisms, probably due to their familiarity and the ubiquity of text entry mechanisms [30]. Other authentication types, such as biometrics or tokens, often involve extra expense or additional hardware, and are sometimes error-prone.…”

Section: Passwordsmentioning

confidence: 99%

Fear might motivate secure password choices in the short term, but at what cost?

Dupuis¹,

Renaud

Jennings³

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Fear has been used to convince people to behave securely in a variety of cybersecurity domains. In this study, we tested the use of fear appeals, together with threat and coping appraisal components separately and together, on password hygiene behaviors. Fear did indeed elicit the anticipated response: people had higher levels of behavioral intention to engage in better password hygiene. Unfortunately, we also detected a largely negative affective response to the appeals. Fear, as a short-lived emotion, can indeed be effective in the short term. Snapshot-like studies, like the one reported here, might lead us to conclude that fear is indeed indicated and efficacious. Yet, it may backfire in the long term due to the negative long term affects it can trigger.

show abstract

“…Still, due to the easy deployment of passwords, they are unlikely to vanish soon [5,66]. A usable coniguration for enabling 2FA that is technologically robust, however, has not been realized yet [5,65].…”

Section: Usability Of Authenticationmentioning

confidence: 99%

“Nah, it’s just annoying!” A Deep Dive into User Perceptions of Two-Factor Authentication

Marky

Ragozin

Chernyshov

et al. 2022

ACM Trans. Comput.-Hum. Interact.

View full text Add to dashboard Cite

Two-factor authentication (2FA) is a recommended or imposed authentication mechanism for valuable online assets. However, 2FA mechanisms usually exhibit user experience issues that create user friction and even lead to poor acceptance, hampering the wider spread of 2FA. In this paper, we investigate user perceptions of 2FA through in-depth interviews with 42 participants, revealing key requirements that are not well met today despite recently emerged 2FA solutions. First, we investigate past experiences with authentication mechanisms emphasizing problems and aspects that hamper good user experience. Second, we investigate the different authentication factors more closely. Our results reveal particularly interesting preferences regarding the authentication factor ”ownership” in terms of properties, physical realizations, and interaction. These findings suggest a path towards 2FA mechanisms with considerably better user experience, promising to improve the acceptance and hence, the proliferation of 2FA for the benefit of security in the digital world.

show abstract

The password is dead, long live the password – A laboratory study on user perceptions of authentication schemes

Cited by 62 publications

References 32 publications

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Fear might motivate secure password choices in the short term, but at what cost?

“Nah, it’s just annoying!” A Deep Dive into User Perceptions of Two-Factor Authentication

Contact Info

Product

Resources

About