Article
Human-centered authentication guidelines
Information and Computer Security
(2017)
Abstract
Purpose
Despite the widespread use of authentication schemes and the rapid emergence of novel authentication schemes, a general set of domain-specific guidelines has not yet been developed. This paper aims to present and explain a list of human-centered guidelines for developing usable authentication schemes.
Design/methodology/approach
The guidelines stem from research findings within the fields of psychology, human–computer interaction and information/computer science.
Findings
Instead of viewing users as the inevitable weak point in the authentication process, this study proposes that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that one understands how interactions with authentication interfaces can be improved and what human capabilities can be exploited. A list of six guidelines that designers ought to consider when developing a new usable authentication scheme has been presented.
Research limitations/implications
This consolidated list of usable authentication guidelines provides system developers with immediate access to common design issues impacting usability. These guidelines ought to assist designers in producing more secure products in fewer costly development cycles.
Originality/value
Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weakness of many systems is the user. It is argued that authentication schemes with poor usability are inherently insecure, as users will inadvertently weaken the security in their efforts to use the system. The study proposes that designers need to consider the human factors that impact end-user behavior. Development from this perspective will address the greatest weakness in most security systems by increasing end-user compliance.
Keywords
- Guidelines,
- Cybersecurity,
- Usable security,
- Interface design
Disciplines
Publication Date
2017
DOI
10.1108/ICS-04-2016-0034
Publisher Statement
This is the Submitted Manuscript of an article published in the journal Information and Computer Security, volume 25, issue 4, 2017. The Version of Record is available at this link: https://doi.org/10.1108/ICS-04-2016-0034
SJSU users: use the following link to login and access the article via SJSU databases.
Citation Information
Jeremiah D. Still, Ashley Cain and David Schuster. "Human-centered authentication guidelines" Information and Computer Security Vol. 25 Iss. 4 (2017) p. 437 - 453 ISSN: 056-4961 Available at: http://works.bepress.com/david_schuster/54/