Access Restriction

Author Renaud, Karen ♦ De Angeli, Antonella
Source ACM Digital Library
Content type Text
Publisher Association for Computing Machinery (ACM)
File Format PDF
Language English
Abstract Introduction Users of computer systems are accustomed to being asked for passwords -- it is as universal as it is frustrating. In the past there was little tolerance for the problems experienced remembering passwords, and many users still remember, with embarrassment, having to go hat-in-hand to request a password change and being treated with disdain by a lofty administrator. Latterly there is more understanding of the problems experienced by users, especially since the "password conundrum" has reached epidemic proportions for Web users, who are asked for passwords with unrelenting predictability. The problems with passwords are clear -- users cannot remember numbers of meaningless alphanumeric strings with ease. Hence, they react by choosing simple and predictable words or numbers related to their everyday life, and engaging in insecure practices, such as writing passwords down or sharing them. These practices cause a breach affecting even the most secure and protected network system. Hence the user is often called the weakest link of the security chain, with system administrators despairing of trying to maintain security with the weak link so often reaching breaking point. Users forgetting passwords has serious economical consequences for organizations. Both academia and industry have been investigating alternatives to passwords, with varying degrees of success. One of the most well-known solutions is the biometric -- measurement of either behavioral or physiological characteristics of the end-user. This is obviously superior to the password because it removes the burden on the user's memory. So why don't we just switch to biometrics and give the poor user a break? There are some valid and hard-to-overcome reasons for the slow uptake of biometrics, but before we can discuss them we need to consider the mechanics of authentication.
Description Affiliation: University of Glasgow, United Kingdom (Renaud, Karen) || The University of Manchester, UK (De Angeli, Antonella)
Age Range 18 to 22 years ♦ above 22 year
Educational Use Research
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2005-08-01
Publisher Place New York
Journal Communications of the ACM (CACM)
Volume Number 52
Issue Number 12
Page Count 6
Starting Page 135
Ending Page 140

Open content in new tab

   Open content in new tab
Source: ACM Digital Library