User-centred authentication feature framework
Abstract
Purpose
This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.
Design/methodology/approach
This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection.
Findings
This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.
Originality/value
This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.
Keywords
Acknowledgements
This work was supported by the Natural Science and Engineering Research Council of Canada (NSERC), as well as partial funding from the NSERC Internetworked Systems Security Network (ISSNet). The second author acknowledges NSERC funding for her Canada Research Chair in Human-Oriented Computer Security.
Citation
Forget, A., Chiasson, S. and Biddle, R. (2015), "User-centred authentication feature framework", Information and Computer Security, Vol. 23 No. 5, pp. 497-515. https://doi.org/10.1108/ICS-08-2014-0058
Publisher
:Emerald Group Publishing Limited
Copyright © 2015, Emerald Group Publishing Limited