Factors for Measuring Password-based Authentication Practices

Authors

Herbert J. Mattord, Kennesaw State UniversityFollow
Yair Levy, Nova Southeastern University
Steven Furnell, Plymouth University

Department

Information Systems

Document Type

Article

Publication Date

7-16-2014

Abstract

Organizations rely on password-based authentication methods to control access to their Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in such systems, focusing on three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This study explores the criteria required to define these component areas and validated proposed measurement criteria by use of an expert panel from industry and academia. An opportunity sample of web-based ISs in two groups were assessed to examine the use of the Authentication Method System Index (AMSI).