1 + 1 = You: Measuring the Comprehensibility of Metaphors for Configuring Backup Authentication
Author(s): Stuart Schechter, Robert W. Reeder

Date: July 2009
Publication: Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS '09
Publisher: ACM
Source 1: http://research.microsoft.com/pubs/80366/a9-schechter.pdf
Source 2: http://dl.acm.org/citation.cfm?id=1572544 - Subscription or payment required

Abstract or Summary:
Backup authentication systems verify the identity of users who are unable to perform primary authentication---usually as a result of forgetting passwords. The two most common authentication mechanisms used for backup authentication by webmail services, personal authentication questions and email-based authentication, are insufficient. Many webmail users cannot benefit from email-based authentication because their webmail account is their primary email account. Personal authentication questions are frequently forgotten and prone to security failures, as illustrated by the increased scrutiny they received following their implication in the compromise of Republican vice presidential candidate Sarah Palin's Yahoo! account.

One way to address the limitations of existing backup authentication mechanisms is to add new ones. Since no mechanism is completely secure, system designers must support configurations that require multiple authentication tasks be completed to authenticate. Can users comprehend such a rich set of new options? We designed two metaphors to help users comprehend which combinations of authentication tasks would be sufficient to authenticate. We performed a usability study to measure users' comprehension of these metaphors. We find that the vast majority of users comprehend screenshots that represent authentication as an exam, in which points are awarded for the completion of individual authentication tasks and authentication succeeds when an authenticatee has accumulated enough points to achieve a passing score.

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com