Chapter Six. Evaluating Authentication Mechanisms


Karen Renaud

THE END USER PLAYS A VITAL ROLE IN ACHIEVING SYSTEM SECURITY. If a security system is designed to accommodate the average user's needs and limitations, it is more likely to succeed. Bear in mind that computer users are primarily goal directed and engaged in carrying out some task, and that maintaining security is usually not an integral part of that task. Hence, security systems are sometimes seen as an intrusion to be dealt with as quickly as possible so that users can continue with their primary task. Jonathan Grudin[1] found that, in a group-based technological environment, people would subvert any technology that did not directly benefit them. This finding appears to apply to authentication mechanisms too: people often work around these mechanisms, which are put there explicitly to protect them, because they do not fully understand the benefits of observing security guidelines. Of course, security mechanisms do benefit end users, but users sometimes have a limited understanding of the whole security arena and little insight into the benefits of taking the time to behave securely.

[1] J. Grudin, "Social Evaluation of User Interfaces: Who Does the Work and Who Gets the Benefit?" in H.-J. Bullinger and B. Shackel (eds.), Proceedings of INTERACT 1987, IFIP Conference on Human-Computer Interaction (Elsevier, 1987), 805-811.

Password-based authentication is currently the most common authentication mechanism, but passwords are notoriously weak, mostly because of human information-processing limitations. People have too many passwords and PINs to remember, so they invariably resort to choosing easily remembered weak passwords, writing down the strong ones, or using the same password for multiple accounts. All of these strategies weaken the password authentication mechanism. Reuse is especially damaging because a password compromised at one site can be replayed against every other account that shares it.

Biometrics is another common authentication mechanism. Besides usually being more expensive than passwords, biometrics is also somewhat unreliable because human beings are, by their very nature, variable. For example, fingerprint readers can misread dirty or damaged fingers; they can also be confused by users who do not place their fingers correctly on the reader. Some biometrics can also be readily compromised; for example, people can unknowingly leave enough skin-oil residue on the reader to enable an attacker to duplicate their fingerprints. And unlike a password, a compromised fingerprint cannot be revoked and reissued.

This chapter provides an overview of the different authentication mechanisms and proposes a technique for comparing these mechanisms to support developers in making an informed choice for their systems.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295