On Risk-Based Authentication

Interesting usability study: “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication”:

Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.

We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably secure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation. Our contribution provides a first deeper understanding of the users’ perception of RBA and helps to improve RBA implementations for a broader user acceptance.

Paper’s website. I’ve blogged about risk-based authentication before.
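
The mechanism the abstract describes, as an added example that is not from the paper or this post: a simplified frequency-based risk score over a constructed login history, which asks for an additional factor when the observed features differ enough from earlier logins. The feature names, weights and threshold are assumptions, not values from the study.

```python
from collections import Counter

# Constructed login history for one user; feature names are assumptions.
HISTORY = [
    {"ip_prefix": "203.0.113", "user_agent": "Firefox/Linux", "country": "DE"},
    {"ip_prefix": "203.0.113", "user_agent": "Firefox/Linux", "country": "DE"},
    {"ip_prefix": "203.0.113", "user_agent": "Chrome/Android", "country": "DE"},
    {"ip_prefix": "198.51.100", "user_agent": "Firefox/Linux", "country": "DE"},
]

# Assumed weights and threshold; a real deployment would tune these.
WEIGHTS = {"ip_prefix": 0.5, "user_agent": 0.3, "country": 0.2}
STEP_UP_THRESHOLD = 0.4


def feature_novelty(history, feature, value):
    """Return 1.0 for a never-seen value, approaching 0.0 for a common one."""
    seen = Counter(entry.get(feature) for entry in history)
    return 1.0 - seen[value] / len(history)


def risk_score(history, attempt):
    """Weighted sum of per-feature novelty, in the range [0, 1]."""
    return sum(
        weight * feature_novelty(history, feature, attempt.get(feature))
        for feature, weight in WEIGHTS.items()
    )


def decide(history, attempt, password_ok):
    """Return 'deny', 'step_up' (ask for a verification code) or 'allow'."""
    if not password_ok:
        return "deny"  # RBA strengthens the password check, it never replaces it
    if not history:
        return "step_up"  # assumption: no baseline yet, so require the extra factor
    if risk_score(history, attempt) >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


if __name__ == "__main__":
    usual = {"ip_prefix": "203.0.113", "user_agent": "Firefox/Linux", "country": "DE"}
    new_network = dict(usual, ip_prefix="192.0.2")
    for attempt in (usual, new_network):
        print(attempt["ip_prefix"], round(risk_score(HISTORY, attempt), 3),
              decide(HISTORY, attempt, password_ok=True))
```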


Nihilistic Password Security Questions

Farewell and adieu to you… September 18, 2020 4:59 PM


I don’t know what the laws are like where most people are but,

“What is your ex-wife’s newest last name?”

Would be considered a celebration, not Nihilistic in a number of places.

Because that would mean she had got married again which under archaic laws she’s someone else’s legal responsibility now. So,

1, No more alimony check,

And in some places,

2, No more child support,

3, The required selling out from under the new “happy couple” of the old matrimonial home…

But at the very least you will know you are not the only one without “the sense God gave a goose” and in all probability she was better looking back when you made that mistake so your excuse is slightly better.

But joking aside, the sad truth is the only people that win in divorces are those shark lawyers.

So the way to stop them taking a bite out of either of the now no longer happy couple is don’t get in their clutches…

And the best way to do that as it’s been said on this blog,

“The prelude to divorce is marriage, if you don’t get married you can’t get divorced”

Also remember pre-nups may not be valid if you move or a legislator inks a new law…