Costs and Benefits of Authentication Advice-Reference-Cited by-同舟云学术

Costs and Benefits of Authentication Advice

Published:2023-05-13 Issue:3 Volume:26 Page:1-35
ISSN:2471-2566
Container-title:ACM Transactions on Privacy and Security
language:en
Short-container-title:ACM Trans. Priv. Secur.

Author:

Murray Hazel¹^ORCID,Malone David²^ORCID

Affiliation:

1. Munster Technological University, Ireland

2. Maynooth University, Maynooth, Ireland

Abstract

Authentication security advice is given with the goal of guiding users and organisations towards secure actions and practices. In this article, a taxonomy of 270 pieces of authentication advice is created, and a survey is conducted to gather information on the costs associated with following or enforcing the advice. Our findings indicate that security advice can be ambiguous and contradictory, with 41% of the advice collected being contradicted by another source. Additionally, users reported high levels of frustration with the advice and identified high usability costs. The study also found that end-users disagreed with each other 71% of the time about whether a piece of advice was valuable or not. We define a formal approach to identifying security benefits of advice. Our research suggests that cost-benefit analysis is essential in understanding the value of enforcing security policies. Furthermore, we find that organisation investment in security seems to have better payoffs than mechanisms with high costs to users.

Funder

CyberSkills HCI Pillar 3 Project

Science Foundation Ireland

European Regional Development Fund

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3588031

Reference52 articles.

1. Users are not the enemy

2. APWG. 2018. Phishing Activity Trends Report 1st Quarter 2018. Technical Report. Retrieved from https://docs.apwg.org/reports/apwg_trends_report_q1_2018.pdf.

3. Simon Arnell, Adam Beautement, Philip Inglesant, Brian Monahan, David Pym, and Martina Angela Sasse. 2012. Systematic decision making in security management modelling password usage and support. In International Workshop on Quantitative Aspects in Security Assurance. Citeseer.

4. Adam Beautement, Martina Angela Sasse, and Mike Wonham. 2009. The compliance budget: Managing security behaviour in organisations. In Workshop on New Security Paradigms. ACM, 47–58.

5. Designing a Trade-Off Between Usability and Security: A Metrics Based-Model

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Costs and Benefits of Authentication Advice;ACM Transactions on Privacy and Security;2023-05-13