An Expert Panel Approach on Developing a Unified System Authentication Benchmarking Index

Authors:
Herbert J. Mattord;Yair Levy;Steven Furnell
Affiliations:
Coles College of Business, Kennesaw State University, Kennesaw, GA, USA;Graduate School of Computer and Information Sciences, Nova Southeastern University, Ft. Lauderdale, FL, USA;Centre for Security, Communications and Network Research, Plymouth University, Plymouth, Devon, UK
Venue:
International Journal of Interdisciplinary Telecommunications and Networking
Year:
2013

Citing 14
Cited 0

Authentication, access control, and audit

ACM Computing Surveys (CSUR)
Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Access Control Systems: Security, Identity Management and Trust Models

Access Control Systems: Security, Identity Management and Trust Models
Quality of Password Management Policy

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
The usability of passphrases for authentication: An empirical field study

International Journal of Human-Computer Studies
The Good and Not So Good of Enforcing Password Composition Rules

Information Systems Security
The use of passwords for controlling access to remote computer systems and services

AFIPS '77 Proceedings of the June 13-16, 1977, national computer conference
Using a benchmark in case-based multiple-criteria ranking

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Password Strength Prediction Using Supervised Machine Learning Techniques

ACT '09 Proceedings of the 2009 International Conference on Advances in Computing, Control, and Telecommunication Technologies
Usable security: User preferences for authentication methods in eBanking and the effects of experience

Interacting with Computers
Principles of Information Security

Principles of Information Security
EnFilter: a password enforcement and filter tool based on pattern recognition techniques

ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Metrics of password management policy

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Password Replacement: Replacing passwords: in search of the secret remedy

Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network-based applications still rely heavily on password-based authentication methods to control access. In a recent study, a benchmarking instrument was used to assess authentication methods used in such systems. The authors' instrument was built on an extensive literature foundation and was validated with an expert panel assessment. This paper reports on the development of the instrument and the expert panel assessment. The initial draft of the instrument was derived from literature to assess 1 password strength requirements, 2 password usage methods, and 3 password reset requirements. Criteria within the index were evaluated by an expert panel, who also provided opinions on the relative weights of the criteria and measures. The expert panel results were analyzed using Multi-Criteria Decision Analysis MCDA techniques. Their results revealed that out of 100% allocation, Password Strength Measure PSM was the dominant factor in the aggregated perception of the panel of experts with weight of 43.1%, followed by Password Initialization and Reset Measure PIRM with weight of 29.2%, and Password Usage Measure PUM with weight of 27.7%. They concluded with discussions on how criteria were assembled, how the panel was conducted, and results from the panel. The results reported include the relative weights of the three measures within the unified system authentication benchmarking index.