On Risk-Based Authentication
2020-10-05 16:47

Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication.

RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code.

RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.

We present the results of a between-group lab study to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication.

Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types.
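The mechanism the abstract describes (compare the features of a login against those seen before, and ask for a verification code when they differ significantly) is sketched below as an added example; it is not code from the paper or the blog post. The feature names, weights, threshold and sample logins are assumptions chosen for illustration.

```python
from collections import Counter

# Assumed feature weights and threshold; a real deployment tunes these on its own data.
WEIGHTS = {"ip_prefix": 0.5, "user_agent": 0.3, "country": 0.2}
STEP_UP_THRESHOLD = 0.4


class LoginHistory:
    """Per-user record of feature values seen in past successful logins."""

    def __init__(self):
        self.counts = {name: Counter() for name in WEIGHTS}
        self.total = 0

    def record(self, features):
        for name in WEIGHTS:
            self.counts[name][features[name]] += 1
        self.total += 1

    def risk(self, features):
        """Weighted share of features that deviate from past behaviour (0..1)."""
        if self.total == 0:
            return 1.0  # no history yet: treat every feature as unseen
        score = 0.0
        for name, weight in WEIGHTS.items():
            seen = self.counts[name][features[name]] / self.total
            score += weight * (1.0 - seen)
        return score


def decide(history, features):
    """Return 'password_only' or 'request_verification_code'."""
    if history.risk(features) >= STEP_UP_THRESHOLD:
        return "request_verification_code"
    return "password_only"


def demo():
    # Constructed sample logins (documentation IP ranges, made-up user agents).
    home = {"ip_prefix": "198.51.100", "user_agent": "Firefox/Linux", "country": "DE"}
    new_browser = dict(home, user_agent="Chrome/Windows")
    abroad = {"ip_prefix": "203.0.113", "user_agent": "Chrome/Windows", "country": "BR"}
    history = LoginHistory()
    for _ in range(5):
        history.record(home)
    return [decide(history, f) for f in (home, new_browser, abroad)]


if __name__ == "__main__":
    print(demo())
```

A single changed feature (the new browser) stays under the threshold and remains password-only, while a login where every feature is unseen triggers the additional factor.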


News URL

https://www.schneier.com/blog/archives/2020/10/on-risk-based-authentication.html