Authentication

Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions.

We conduct research that explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention.

Current/recent research projects:

• Digital identity guidelines - incorporation of usability concerns into digital identity mechanisms and policies
• Youth passwords - youth perceptions of online safety, privacy, and security from three perspectives: youth themselves, parents/guardians, and teachers/educator

Past projects:

• Authentication diary study – users’ daily interactions with authentication mechanisms to develop an authentication task model
• Memory and motor -  cognitive models and motor and physiological factors in password creation, recall, and entry
• Mobile authentication - usability of authentication mechanisms on mobile platforms
• Multi-factor authentication  - factors that encourage/discourage adoption
• Password creation and use -  behaviors related to password creation, usage, and management
• Password policy analysis -  formal language to describe and explore password policies and their evolution over time