Abstract
Six years ago Bonneau et al. (2012) proposed a framework to comparatively evaluate authentication schemes. They applied their framework to 35 different authentication schemes to identify alternatives to the ubiquitous text password. However, in their work no sole authentication scheme proved to be suitable for every application scenario, hence the quest to replace passwords has not yet been solved. This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria usability, deployability, and security. The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process. Our goal thereby is not to claim victory over text passwords, but to help decision makers in identifying suitable authentication schemes for their specific application scenario. The results were also made publicly available in an authentication choice support system named ACCESS to foster the further extension of the knowledge base and future development of the rating process. Show more
Publication status
publishedExternal links
Book title
Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018)Pages / Article No.
Publisher
University of PlymouthEvent
Subject
Authentication Scheme; Password; Rating; ACCESSOrganisational unit
02045 - Dep. Geistes-, Sozial- u. Staatswiss. / Dep. of Humanities, Social and Pol.Sc.09775 - Zimmermann, Verena / Zimmermann, Verena
More
Show all metadata
ETH Bibliography
no
Altmetrics