Research Directions in Authentication and Personal Data

Abstract This work provides an analysis of current research exploring the problems that arise with combinations of personal data used in primary and secondary authentication and personal data available online. Personal data, such as names and birthdates, are used frequently in password creation or as answers to secondary authentication questions. In combination, these problems increase security risks while failing to provide users with usability in the most common of authentication mechanisms. Here, current literature is evaluated to compare current personal data used in password authentication with data commonly available online for individuals. The resulting contribution provides a framework for research, a compilation of current understandings of users’ password design and secondary authentication questions, the relationship of authentication to personal data, and directions for future research.

Keywords User behavior · Secondary authentication · Password authentication · Personal data availability

K.E. Richards (✉) · A.F. Norcio, University of Maryland, Baltimore County, 1000 Hilltop Circle, Baltimore, MD 21250, USA, e-mail: [email protected]

© Springer International Publishing Switzerland 2016. D. Nicholson (ed.), Advances in Human Factors in Cybersecurity, Advances in Intelligent Systems and Computing 501, DOI 10.1007/978-3-319-41932-9_25

1 Introduction

The design of feasible authentication mechanisms able to provide adequate security and privacy while maintaining usability remains an elusive goal for the Information Systems (IS) community. Considering usability and security in tandem creates an intractable problem requiring a broad spectrum of research specialties including Human Centered Computing (HCC) and Human Computer Interaction (HCI). While conceived and introduced frequently, alternative authentication schemes have not succeeded in widespread replacement of the password, despite superiority to standard passwords with regard to usability, security, or other factors considered individually [1–4]. Despite much dedicated effort to produce alternatives, passwords remain the most common form of authentication and seem likely to remain in use for some time [1, 4]. It is therefore incumbent upon researchers in interested fields to address the meaningful improvement of password-based authentication protocols [4]. This work sets forth a particular weakness in authentication and secondary authentication mechanisms and suggests research directions required to improve upon this weakness.

In addition to other security weaknesses, password usage is fraught with poor user behaviors that compromise security [5]. Failure to change passwords frequently, use of the same password on multiple devices, weak passwords with insufficient randomness or number of characters, and writing down or sharing passwords with others may compromise security [6–8]. These user behaviors are attributed to a wide variety of causes including user laziness and lack of information or training [3, 9]. Research also s