Keep on rating – on the systematic rating and comparison of authentication schemes

Verena Zimmermann (Department of Work and Engineering Psychology, Technische Universität Darmstadt, Darmstadt, Germany)
Nina Gerber (Department of Security, Usability, and Society, Karlsruhe Institute of Technology, Karlsruhe, Germany)
Peter Mayer (Department of Security, Usability, and Society, Karlsruhe Institute of Technology, Karlsruhe, Germany)
Marius Kleboth (Department of Work and Engineering Psychology, Technische Universität Darmstadt, Darmstadt, Germany)
Alexandra von Preuschen (Department of Work and Engineering Psychology, Technische Universität Darmstadt, Darmstadt, Germany)
Konstantin Schmidt (Department of Work and Engineering Psychology, Technische Universität Darmstadt, Darmstadt, Germany)

Information & Computer Security

ISSN: 2056-4961

Publication date: 7 June 2019

Abstract

Purpose

Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.

Design/methodology/approach

This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.

Findings

The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.

Research limitations/implications

While the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.

Originality/value

The results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.

Keywords

Citation

Zimmermann, V., Gerber, N., Mayer, P., Kleboth, M., von Preuschen, A. and Schmidt, K. (2019), "Keep on rating – on the systematic rating and comparison of authentication schemes", Information & Computer Security, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/ICS-01-2019-0020

Download as .RIS

Publisher

:

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.