
Usability of web authentication systems refers to the efficiency and user acceptance of online authentication systems. Examples of web authentication systems are passwords, federated identity systems (e.g. Google OAuth 2.0, Facebook Connect, Mozilla Persona), email-based single sign-on (SSO) systems (e.g. SAW, Hatchet), QR code-based systems (e.g. Snap2Pass, WebTicket) or any other system used to authenticate a user's identity on the web. Even though the usability of web authentication systems should be a key consideration in selecting a system, very few web authentication systems (other than passwords) have been subjected to formal usability studies or analysis.


Usability and users

A web authentication system needs to be as usable as possible whilst not compromising the security that it needs to ensure. The system needs to restrict access by malicious users whilst allowing access to authorised users. If the authentication system does not have sufficient security, malicious users could easily gain access to the system. On the other hand, if the authentication system is too complicated and restrictive, an authorised user would not be able to (or want to) use it. Strong security is achievable in any system, but even the most secure authentication system can be undermined by the users of the system, who are often referred to as the "weak links" in computer security. Users tend to inadvertently increase or decrease the security of a system. If a system is not usable, security could suffer, as users will try to minimize the effort required to provide input for authentication, for example by writing down their passwords on paper. A more usable system could prevent this from happening. Users are more likely to comply with authentication requests from systems that are important (e.g. online banking), as opposed to less important systems (e.g. a forum that the user visits infrequently), where these mechanisms might just be ignored. Users accept security measures only up to a certain point before becoming annoyed by complicated authentication mechanisms. An important factor in the usability of a web authentication system is thus how convenient it is for the user.


Usability and web applications

The preferred web authentication system for web applications is the password, despite its poor usability and several security concerns. This widely used system usually contains mechanisms that were intended to increase security (e.g. requiring users to have high-entropy passwords) but lead to password systems being less usable and inadvertently less secure, because users find these high-entropy passwords harder to remember. Application creators need to make a paradigm shift to develop more usable authentication systems that take the user's needs into account. Replacing the ubiquitous password-based systems with more usable (and possibly more secure) systems could lead to major benefits for both the owners of the application and its users.


Measurement

To measure the usability of a web authentication system, one can use the "usability–deployability–security" (UDS) framework or a standard metric such as the system usability scale (SUS). The UDS framework looks at three broad categories, namely the usability, deployability and security of a web authentication system, and rates the tested system as either offering or not offering each specific benefit linked to one (or more) of those categories. Measuring the usability of web authentication systems allows for formal evaluation of a system and determines its ranking relative to others. While a lot of research regarding web authentication systems is currently being done, it tends to focus on security rather than usability. Future research should evaluate systems formally for usability using a comparable metric or technique. This will enable the comparison of various authentication systems, as well as determining whether an authentication system meets a minimum usability benchmark.
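A small scorer for the two measures named above, written as an added example (it is not from the article or from the UDS framework's authors): it computes a System Usability Scale score from a ten-item questionnaire and tallies, per UDS category, which benefits a scheme is rated as offering, so that schemes can be ranked. The shortened benefit list and the sample ratings are constructed for the example, not the framework's full list or any study's results.

```python
def sus_score(responses):
    """System Usability Scale: ten items answered 1..5 (1 = strongly disagree).
    Odd-numbered items are positively worded and contribute (r - 1); even-numbered
    items are negatively worded and contribute (5 - r). The sum is scaled by 2.5
    to give a score in the range 0..100."""
    if len(responses) != 10 or any(not 1 <= r <= 5 for r in responses):
        raise ValueError("SUS needs exactly ten responses in the range 1..5")
    total = sum((r - 1) if i % 2 == 0 else (5 - r)
                for i, r in enumerate(responses))
    return total * 2.5

# Constructed, shortened benefit list in the framework's three categories.
UDS_BENEFITS = {
    "usability": ["nothing-to-carry", "memorywise-effortless", "efficient-to-use"],
    "deployability": ["server-compatible", "browser-compatible", "negligible-cost"],
    "security": ["resilient-to-phishing", "resilient-to-observation",
                 "no-trusted-third-party"],
}
ALL_BENEFITS = {b for names in UDS_BENEFITS.values() for b in names}

def uds_profile(offered):
    """Per category, (benefits offered, benefits in category) for one scheme."""
    unknown = set(offered) - ALL_BENEFITS
    if unknown:
        raise ValueError(f"unknown benefits: {sorted(unknown)}")
    return {cat: (sum(b in offered for b in names), len(names))
            for cat, names in UDS_BENEFITS.items()}

def rank_schemes(schemes):
    """Order schemes by total benefits offered, highest first (ties by name)."""
    totals = {name: sum(n for n, _ in uds_profile(offered).values())
              for name, offered in schemes.items()}
    return sorted(totals, key=lambda name: (-totals[name], name))

# Constructed sample ratings for two of the scheme families the article names.
SAMPLE_SCHEMES = {
    "password": {"nothing-to-carry", "server-compatible", "browser-compatible",
                 "negligible-cost", "no-trusted-third-party"},
    "federated-sso": {"nothing-to-carry", "memorywise-effortless",
                      "efficient-to-use", "browser-compatible", "negligible-cost",
                      "resilient-to-observation"},
}

if __name__ == "__main__":
    print(sus_score([4, 1, 5, 2, 4, 1, 5, 2, 4, 2]))   # 85.0
    for name in rank_schemes(SAMPLE_SCHEMES):
        print(name, uds_profile(SAMPLE_SCHEMES[name]))
```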


Which web authentication system to choose

It has been found that security experts tend to focus more on security and less on the usability aspects of web authentication systems. This is problematic, as there needs to be a balance between the security of a system and its ease of use. A study conducted in 2015 found that users tend to prefer single sign-on based systems (like those provided by Google and Facebook). Users preferred these systems because they found them fast and convenient to use. Single sign-on based systems have resulted in substantial improvements in both usability and security. SSO reduces the need for users to remember many usernames and passwords, as well as the time needed to authenticate themselves, thereby improving the usability of the system.


Other important considerations

* Users prefer systems that are not complicated and require minimal effort to use and understand.
* Users enjoy using biometrics and phone-based authentication systems. However, these types of systems require external devices to function, a higher level of interaction from users, and a fallback mechanism if the device is unavailable or fails, which could lead to lower usability.
* The current password system used by many web applications could be extended for better usability by using:
** memorable mnemonics instead of passwords.
** graphical or mnemonic passwords to make authentication more usable.


Future work

Usability will become more and more important as more applications move online and require robust and reliable authentication systems that are both usable and secure. The use of brainwaves in authentication systems has been proposed as a possible way to achieve this. However, more research and usability studies are required.


See also

* Authentication
* Authorization
* Information security
* Internet security
* OpenID
* OpenID Connect
* Password
* System usability scale (SUS)
* Usability
* Usability testing
* WebFinger
* WebID


Further reading

* Paul T. McCabe (2002). "Usability and User Authentication: Pectoral Password vs PIN". In Contemporary Ergonomics 2003. CRC Press. ISBN 9780203455869. https://books.google.com/books?id=SCIxOaZTvgIC&q=usability+AND+authentication&pg=PA240