all InfoSec news
Costs and benefits of authentication advice. (arXiv:2008.05836v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Authentication security advice is given with the goal of guiding users and
organisations towards secure actions and practices. In this paper, we
demonstrate that security advice can be ambiguous, contradictory and at times
may not even have any clear benefits. We expand on current work by defining a
formal approach to identifying costs of security advice and instigate a user
study to identify the costs that apply to a large range of authentication
advice. We also apply a simple framework …
actions advice authentication authentication security benefits current identify large may practices security security advice study work