Abstract
Authentication is an important security component of almost any software application. It serves as the application’s security front door by controlling access with the goal of protecting the confidentiality and integrity of the system. However, with the large variety of software applications that an end user interacts with daily, authentication is becoming a usability issue that has the potential to weaken a system’s overall security. The increasing complexity of dealing with a variety of authentication mechanisms often causes end users to develop negative security behaviours, such as writing down passwords. Moreover, some of the currently available authentication mechanisms, such as alphanumeric passwords, raise universal access issues due to both the issue of remembering a complex sequence of characters and the difficulty some individuals may have in entering that exact sequence on a keyboard or mobile device. This article proposes an authentication approach that seeks to address these usability, universal access, and security issues.
Keywords
- Cognitive Load
- Universal Access
- International Standard Organization
- Authentication System
- Authentication Mechanism
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Hausawi, Y.M., Allen, W.H., Bahr, G.S. (2014). Choice-Based Authentication: A Usable-Security Approach. In: Stephanidis, C., Antona, M. (eds) Universal Access in Human-Computer Interaction. Design and Development Methods for Universal Access. UAHCI 2014. Lecture Notes in Computer Science, vol 8513. Springer, Cham. https://doi.org/10.1007/978-3-319-07437-5_12
DOI: https://doi.org/10.1007/978-3-319-07437-5_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07436-8
Online ISBN: 978-3-319-07437-5
eBook Packages: Computer Science, Computer Science (R0)