用户特征及其对物理认证设备可用安全性的影响

IF 3.5 3区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

IEEE Transactions on Human-Machine Systems Pub Date : 2024-07-24 DOI:10.1109/THMS.2024.3421538

Jongkil Jay Jeong;Syed Wajid Ali Shah;Ashish Nanda;Robin Doss;Mohammad Nosouhi;Jeb Webb

{"title":"用户特征及其对物理认证设备可用安全性的影响","authors":"Jongkil Jay Jeong;Syed Wajid Ali Shah;Ashish Nanda;Robin Doss;Mohammad Nosouhi;Jeb Webb","doi":"10.1109/THMS.2024.3421538","DOIUrl":null,"url":null,"abstract":"Physical authentication devices (PADs) offer a higher level of security than other authentication technologies commonly used in multifactor authentication (MFA) schemes because they are much less vulnerable to attack. However, PAD uptake remains significantly lower than that for SMS and app-based approaches, accounting for only 10% of all authentication technologies currently being utilized in MFA. Prior studies indicate that the primary reason for this low adoption rate is due to negative users' perceptions and attitudes toward the usability of PADs; many of these studies often skew toward a particular set of users (e.g., young university students, etc.), often creating a bias toward what usable security entails. To address this limitation, we have formulated an original research methodology that segments users into specific groups based on their user characteristics (i.e., age, education, and experience) and examines how each group defines usability and ranks their preferences regarding certain security features. Based on a survey of 410 participants, our results indicate that there are indeed different usable security preferences for each user group, and we, therefore, provide recommendations on how existing PADs might be enhanced to support usability and improve adoption rates.","PeriodicalId":48916,"journal":{"name":"IEEE Transactions on Human-Machine Systems","volume":null,"pages":null},"PeriodicalIF":3.5000,"publicationDate":"2024-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"User Characteristics and Their Impact on the Perceived Usable Security of Physical Authentication Devices\",\"authors\":\"Jongkil Jay Jeong;Syed Wajid Ali Shah;Ashish Nanda;Robin Doss;Mohammad Nosouhi;Jeb Webb\",\"doi\":\"10.1109/THMS.2024.3421538\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Physical authentication devices (PADs) offer a higher level of security than other authentication technologies commonly used in multifactor authentication (MFA) schemes because they are much less vulnerable to attack. However, PAD uptake remains significantly lower than that for SMS and app-based approaches, accounting for only 10% of all authentication technologies currently being utilized in MFA. Prior studies indicate that the primary reason for this low adoption rate is due to negative users' perceptions and attitudes toward the usability of PADs; many of these studies often skew toward a particular set of users (e.g., young university students, etc.), often creating a bias toward what usable security entails. To address this limitation, we have formulated an original research methodology that segments users into specific groups based on their user characteristics (i.e., age, education, and experience) and examines how each group defines usability and ranks their preferences regarding certain security features. Based on a survey of 410 participants, our results indicate that there are indeed different usable security preferences for each user group, and we, therefore, provide recommendations on how existing PADs might be enhanced to support usability and improve adoption rates.\",\"PeriodicalId\":48916,\"journal\":{\"name\":\"IEEE Transactions on Human-Machine Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.5000,\"publicationDate\":\"2024-07-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Human-Machine Systems\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10608421/\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Human-Machine Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10608421/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

摘要

与多因素身份验证（MFA）方案中常用的其他身份验证技术相比，物理身份验证设备（PAD）具有更高的安全性，因为它们更不易受到攻击。然而，与基于短信和应用程序的方法相比，物理身份验证设备的使用率仍然很低，只占目前多因素身份验证（MFA）中使用的所有身份验证技术的 10%。先前的研究表明，采用率低的主要原因是用户对 PAD 可用性的负面看法和态度；其中许多研究往往偏向于特定的用户群体（如年轻的大学生等），往往会对可用的安全性产生偏见。为了解决这一局限性，我们制定了一种独创的研究方法，根据用户特征（如年龄、教育程度和经验）将用户划分为特定的群体，并研究每个群体如何定义可用性以及他们对某些安全功能的偏好程度。在对 410 名参与者进行调查的基础上，我们的结果表明，每个用户群体确实有不同的可用安全偏好，因此，我们就如何增强现有 PAD 以支持可用性和提高采用率提出了建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

User Characteristics and Their Impact on the Perceived Usable Security of Physical Authentication Devices

Physical authentication devices (PADs) offer a higher level of security than other authentication technologies commonly used in multifactor authentication (MFA) schemes because they are much less vulnerable to attack. However, PAD uptake remains significantly lower than that for SMS and app-based approaches, accounting for only 10% of all authentication technologies currently being utilized in MFA. Prior studies indicate that the primary reason for this low adoption rate is due to negative users' perceptions and attitudes toward the usability of PADs; many of these studies often skew toward a particular set of users (e.g., young university students, etc.), often creating a bias toward what usable security entails. To address this limitation, we have formulated an original research methodology that segments users into specific groups based on their user characteristics (i.e., age, education, and experience) and examines how each group defines usability and ranks their preferences regarding certain security features. Based on a survey of 410 participants, our results indicate that there are indeed different usable security preferences for each user group, and we, therefore, provide recommendations on how existing PADs might be enhanced to support usability and improve adoption rates.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Human-Machine Systems COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-COMPUTER SCIENCE, CYBERNETICS

CiteScore

7.10

自引率

11.10%

发文量

136

期刊介绍： The scope of the IEEE Transactions on Human-Machine Systems includes the fields of human machine systems. It covers human systems and human organizational interactions including cognitive ergonomics, system test and evaluation, and human information processing concerns in systems and organizations.