1 / 15

Security and Usability of Password Based User Authentication Systems

Security and Usability of Password Based User Authentication Systems. Hatim Alsuwat Sami Alsuwat. Overview. Nowadays most services and businesses are available through the Internet. This massive use of computer systems has resulted in two major requirements, Usability, and

grady-tyler
Download Presentation

Security and Usability of Password Based User Authentication Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Usability of Password Based User Authentication Systems Hatim Alsuwat Sami Alsuwat

  2. Overview • Nowadays most services and businesses are available through the Internet. • This massive use of computer systems has resulted in two major requirements, • Usability, and • Security of passwords. • Trade-off between security and usability and security

  3. Our Hypothesis • It is feasible to define a balanced solution where security and usability of password management are acceptable; thus allowing us to evaluate password security and usability of different systems.

  4. The Proposed Research • Task 1: Studying current security and usability approaches and password management, • Task 2: representing the relationship between security and usability of password management, and • Task 3: evaluating password security with usability of different systems based on task 2. The outcome of this task can be divided into three cases as follow: • Case 1: Identify usable, not secure passwords, • Case 2: Identify unusable, secure passwords, and • Case 3: Identify usable, secure (balanced solution) passwords.

  5. Task 1: Studying current security and usability approaches and password management: • Password strength is a function that estimates the average number of attempts an attacker needs to do in order to crack the password correctly based on three factors, which are length, complexity, and unpredictability of a password.

  6. Password management vs. security and usability • Weak passwords characteristics • Weak passwords practices • Strong passwords characteristics • Strong passwords practices

  7. Password management vs. security and usability • The approach of reusing the same password for different systems. • The problem of is low-trust systems such as online gaming. • If the attackers compromise the user’s password for one account then all other accounts are compromised.

  8. Password management vs. security and usability • Another alternative approach of choosing independent passwords for each system. • Strongest security guarantees since if an attacker compromises one of the user’s password for one account then the other accounts are not compromised. • However, there will be negative impact on the usability since most of online profiles are visited infrequently, and therefore, users are more likely to forget those passwords or bypass the security by writing those passwords down.

  9. Task 2: Representing the relationship between security and usability of password management

  10. Task 3: Evaluating password security with usability of different systems • The outcome of this task can be divided into three cases as follow: • Case 1: Identify usable, not secure password, • Case 2: Identify unusable, secure password, and • Case 3: Identify usable, secure (balanced solution) password.

  11. Case 1: Identify usable, not secure password,

  12. Case 2: Identify unusable, secure password

  13. Case 3: Identify usable, secure (balanced solution) password

  14. References • Andrew Cheung, Terren Chong. (2008). Usability and Security. Vrije Universiteit Amsterdam. Web. • Asbjørn Følstad, E. L.-C. (2012). Analysis in Practical Usability Evaluation: A Survey Study. ACM, 2127-2136. • Gathercole, Susan E. Short-term and Working Memory: A Special Issue of Memory. Hove: Psychology, 2001. Print. • Hub, M., Capek, J., & Myskova, R. (2011). Relationship between security and usability – authentication case study. International Journal of Computers and Communication, 5(1), 1-8. • Jaroslav Zeman, P. T. (2009). The Utilization Of Metrics Usability To Evaluate The Software Quality. 2009 International Conference on Computer Technology and Development (pp. 243-246). IEEE Computer Society. • Jeffrey Stylos, S. C. (n.d.). Usability Implications of Requiring Parameters in Objects’ Constructors. • Jens Gerken, H.-C. J. (2011). The Concept Maps Method as a Tool to Evaluate the Usability of APIs. ACM, 2337-2346. • Markotten, U. J. (2000). Usability meets Security - The Identity-Manager as your Personal Security Assistant for the Internet. IEEE, 344-353. • Matthew, G., & Thomas, S. (2013). A novel multifactor authentication system ensuring usability and security. Cryptography and Security, 1-10. • Parmit K. Chilana, J. O. (2010). Understanding Usability Practices in Complex Domains. ACM, 2337-2346.

More Related