Keep on rating – on the systematic rating and comparison of authentication schemes. (11th November 2019)
- Record Type:
- Journal Article
- Title:
- Keep on rating – on the systematic rating and comparison of authentication schemes. (11th November 2019)
- Main Title:
- Keep on rating – on the systematic rating and comparison of authentication schemes
- Authors:
- Zimmermann, Verena
Gerber, Nina
Mayer, Peter
Kleboth, Marius
von Preuschen, Alexandra
Schmidt, Konstantin
- Abstract:
- Purpose: Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework. Design/methodology/approach: This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security. Findings: The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process. Research limitations/implications: While the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial. Originality/value: The results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.
- Is Part Of:
- Information and computer security. Volume 27:Number 5(2019)
- Journal:
- Information and computer security
- Issue:
- Volume 27:Number 5(2019)
- Issue Display:
- Volume 27, Issue 5 (2019)
- Year:
- 2019
- Volume:
- 27
- Issue:
- 5
- Issue Sort Value:
- 2019-0027-0005-0000
- Page Start:
- 621
- Page End:
- 635
- Publication Date:
- 2019-11-11
- Subjects:
- Password -- Rating -- ACCESS -- Authentication scheme -- Objective features -- Subjective Perceptions
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-01-2019-0020
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 17464.xml