Organizations rely on password-based authentication methods to control access to many Web-based systems. In a recent study, we developed a benchmarking instrument to assess the authentication methods used in these contexts. Our instrument developed included extensive literature foundation and an expert panel assessment. This paper reports on the development of the instrument and the expert panel assessment. The initial draft of the instrument was derived from literature to assess 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. Following, the criteria within the index were evaluated by an expert panel and the same panel provided opinions on the relative weights of the criteria and the measures. The expert panel results were collected and analyzed using Multi-Criteria Decision Analysis (MCDA) techniques. We conclude with discussions on how the criteria were assembled, how the expert panel was conducted, and reporting the results from the panel. The results reported include the relative weights within te password usage and password reset measures as well as the relative weights of the three measures within the index.
Available at: http://works.bepress.com/herbert_mattord/25/