A Typology of Authentication Systems
Christopher S. Pilson, James C. McElroy

TL;DR
This paper analyzes authentication systems by considering both organizational security needs and user experience, highlighting the importance of user-centered design to enhance security effectiveness.
Contribution
It introduces a typology of authentication systems emphasizing the balance between security and usability, advocating for user-aware design approaches.
Findings
User-centered authentication improves security outcomes.
Technical specifications alone may undermine system security.
Balancing organizational and user needs is crucial for effective authentication.
Abstract
Authentication systems are designed to give the right person access to an organization's information system and to restrict it from the wrong person. Such systems are designed by IT professionals to protect an organization's assets (e.g., the organization's network, database, or other information). Too often, such systems are designed around technical specifications without regard for the end user. We argue that doing so may actually compromise a system's security. This paper examines authentication systems from both the point of view of the organization and that of the user.
Taxonomy
Topics: User Authentication and Security Systems · Advanced Authentication Protocols Security · Privacy, Security, and Data Protection
