当前位置:
X-MOL 学术
›
Comput. Secur.
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Passphrase and Keystroke Dynamics Authentication: Usable Security
Computers & Security ( IF 5.6 ) Pub Date : 2020-09-01 , DOI: 10.1016/j.cose.2020.101925 Bhaveer Bhana , Stephen Flowerday
Computers & Security ( IF 5.6 ) Pub Date : 2020-09-01 , DOI: 10.1016/j.cose.2020.101925 Bhaveer Bhana , Stephen Flowerday
Abstract It was found that employees spend a total of 2.25 days within 60 days on password-related activities. The time consumed by this is unproductive and has a negative impact on usability. The problem is caused by current text-based user authentication policies in use. This study aims to address this research problem by assessing the effectiveness of a proposed two-tier user authentication solution involving passphrases and keystroke dynamics. A design science research approach was used to guide this study, the theoretical foundation of which included three theories: the Shannon Entropy theory which was used to calculate the strength of passwords, passphrases and keystroke dynamics; Chunking theory assisted in assessing password and passphrase memorisation issues; and the Keystroke Level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. Firstly, a login assessment experiment was used to collect data on user authentication and user–system interaction for passwords and passphrases and, secondly, an expert review was conducted to validate findings and assess the research artefact in the form of a model. The model was finalised after it had been updated based on the expert review feedback. The model indicates the components that should be considered to implement the user authentication solution successfully. If all the model components are considered, the proposed two-tier user authentication solution has the potential to improve security and usability in the user authentication process.
中文翻译:
密码短语和击键动态身份验证:可用的安全性
摘要 调查发现,员工在 60 天内总共花费 2.25 天进行与密码相关的活动。这消耗的时间是非生产性的,并对可用性产生负面影响。该问题是由当前使用的基于文本的用户身份验证策略引起的。本研究旨在通过评估所提议的涉及密码短语和击键动态的两层用户身份验证解决方案的有效性来解决这一研究问题。本研究采用设计科学研究方法指导,其理论基础包括三个理论:香农熵理论,用于计算密码强度、密码短语和击键动态;分块理论有助于评估密码和密码记忆问题;击键级别模型用于评估密码和密码短语输入问题。使用两种主要的数据收集方法来评估结果并确保填补研究中的空白。首先,使用登录评估实验来收集有关密码和密码短语的用户身份验证和用户与系统交互的数据,其次,进行专家评审以验证结果并以模型的形式评估研究人工制品。该模型在根据专家评审反馈进行更新后最终确定。该模型指示成功实施用户身份验证解决方案应考虑的组件。如果考虑所有模型组件,
更新日期:2020-09-01
中文翻译:
密码短语和击键动态身份验证:可用的安全性
摘要 调查发现,员工在 60 天内总共花费 2.25 天进行与密码相关的活动。这消耗的时间是非生产性的,并对可用性产生负面影响。该问题是由当前使用的基于文本的用户身份验证策略引起的。本研究旨在通过评估所提议的涉及密码短语和击键动态的两层用户身份验证解决方案的有效性来解决这一研究问题。本研究采用设计科学研究方法指导,其理论基础包括三个理论:香农熵理论,用于计算密码强度、密码短语和击键动态;分块理论有助于评估密码和密码记忆问题;击键级别模型用于评估密码和密码短语输入问题。使用两种主要的数据收集方法来评估结果并确保填补研究中的空白。首先,使用登录评估实验来收集有关密码和密码短语的用户身份验证和用户与系统交互的数据,其次,进行专家评审以验证结果并以模型的形式评估研究人工制品。该模型在根据专家评审反馈进行更新后最终确定。该模型指示成功实施用户身份验证解决方案应考虑的组件。如果考虑所有模型组件,
京公网安备 11010802027423号