Upload File

transparency and usability of web authentication

  • Home
  • Documents
  • Transparency and Usability of Web Authentication
15
Transparency and Usability of Web Authentication Personalized Web Experience Kenneth L Wright II Electronic Fraud Analyst World Savings Bank, FSB The views expressed in this position paper are those of the author, and do not necessarily reflect those of the author’s employer, World Saving Bank, FSB or its parent company, Golden West financial.

Upload: others

Post on 12-Sep-2021

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Transparency and Usability of Web Authentication

Transparency and Usability ofWeb Authentication

Personalized Web Experience

Kenneth L Wright IIElectronic Fraud AnalystWorld Savings Bank, FSB

The views expressed in this position paper are those of the author, and do not necessarily reflect those of the author’s employer, World Saving Bank, FSB or its parent company, Golden West financial.

Page 2: Transparency and Usability of Web Authentication

Overview

• FFIEC Requirements

• Consumer Trusted Channel

• Personalized Experience

• Customer Education

Page 3: Transparency and Usability of Web Authentication

FFIEC as a Starting Point

“Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls”

Page 4: Transparency and Usability of Web Authentication

Authentication Techniques, Processes, & Methodologies

• Shared Secrets

• Tokens

• Smart Card

• Biometrics

• Non-Hardware-Based One-Time-Password Scratch Card

• Out-of-Band Authentication

• Internet Protocol Address (IPA) Location and Geo-Location

• Mutual Authentication

Page 5: Transparency and Usability of Web Authentication

Mutual Authentication:

Mutual authentication is a process whereby customer identity is authenticated and the target Web site is authenticated to the customer.

• phishing / fraudulent email?

• pharming / fraudulent websites?

Mutual Authentication technology aid in the protection against

Page 6: Transparency and Usability of Web Authentication

Mimicking a Trusted Channel

Recognized Branch Banking Experience ~

• Known Location• Welcome Greeting• Personalized experience with a teller• Account history summary

Page 7: Transparency and Usability of Web Authentication

Personalized Web Experience

“Reverse Biometric Authenticator”Site validating itself to the customer by providing the end-user with unique visual trait or behavioral characteristicthat the site operates.

•Background Color•Font Color•Text Message•Graphic Image•Phrase Displayed•Voice Greeting

•Session Timer•Transactional History•Security Checklist

Page 8: Transparency and Usability of Web Authentication

Personalized visual indicators such as:

•Background Color •Font Color•Text Message

Low Level Authentication

Page 9: Transparency and Usability of Web Authentication

Low Level Authentication

Page 10: Transparency and Usability of Web Authentication

Personalized visual indicators such as:

•Background Color •Font Color•Text Message•Graphic Image•Phrases Greeting•Voice Greeting

Mid Level Authentication

Page 11: Transparency and Usability of Web Authentication

Mid Level Mutual Authentication

Page 12: Transparency and Usability of Web Authentication

Personalized visual indicators such as:

•Background Color •Font Color•Text Message•Graphic Image•Phrases Greeting•Voice Greeting

•Session Timer•Transactional History•Security Checklist

High Level Authentication

Page 13: Transparency and Usability of Web Authentication

High Level Mutual Authentication

Page 14: Transparency and Usability of Web Authentication

Conclusion:• Personalize experience for the end-user

• Consistent authenticator across the web

• Better placement of fraud tips and info

If widely accepted this method of personalized visualand behavioral indicators can heighten an end-user consciousness of safe data sharing procedures overinternet channels.

Page 15: Transparency and Usability of Web Authentication

Kenneth L Wright IIElectronic Fraud AnalystElectronic Fraud Research+1 510 [email protected]


Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication

Voice Biometrics: Balancing Security, Usability and ... · Voice biometrics is the least intrusive of all biometric modalities used for authentication. Voice authentication can be

Bridging the Usability Gap New models for secure and usable authentication APGridPMA Plenary Meeting Taipei, 8 March 2010

018 - Usability Geek - Website Usability Through Automated Usability Evaluation

Lensbest.de relaunch – for improved transparency in … · Lensbest.de relaunch – for improved transparency in terms of usability and in ... relaunch was to address the change

BIOMETRIC AUTHENTICATION SECURITY AND USABILITY · Biometric Authentication -Security and Usability 231 Most biometric techniques are based on something that cannot be lost or forgotten

The Usability of Usability

Usable Security - Computer Security Lecture 17Psychology and Usability Usability Background Research in Usability and Security Usable Authentication Password Authentication Challenge

Blast Blockchain-Assisted Key Transparency for Device ... · Blast Blockchain-Assisted Key Transparency for Device Authentication Alessandro Gattolin, Cristina Rottondi, Giacomo Verticale

Portal Authentication: A Balancing Act Between Security Usability and Compliance

Stronger Authentication in a Federated Worldevents.oasis-open.org/home/sites/events.oasis-open... · Soft Certificates Issues with Usability and Security Support Cost Centrally Stored

FINDING USABILITY PROBLEMS THROUGH HEURISTIC EVALUATION usability... · Usability problems, Usability expertise, Discount usability engineering, Telephone-operated interfaces. INTRODUCTION

A Security Usability Protocol for User Authentication - UQAMA Security Usability Protocol for User Authentication University of Quebec at Montreal Prof. Dr. Mounir Bokadoum • Director

AUTHENTICATION MELEE A Usability Analysis of Seven Web Authentication Systems Scott Ruoti, Brent Roberts, Kent Seamons Internet Security Research Lab Brigham

Finger ECG Signal for User Authentication: Usability and ...biometrics.cse.msu.edu/Publications/SoftBiometrics/Silva...Finger ECG Signal for User Authentication: Usability and Performance

Usability & Usability Engineering

Usability, Affordance, and Usability Principlesuser.ceng.metu.edu.tr/~tcan/se705_s0910/Schedule/se705_week2.pdf · Usability, Affordance, and Usability Principles Visual affordances

Authentication Melee: A Usability Analysis of Seven Web ...Brigham Young University BYU ScholarsArchive All Theses and Dissertations 2015-04-01 Authentication Melee: A Usability Analysis

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION · 2019. 11. 16. · DEMO EXAMPLE STEP 3 . 26 UAF AUTHENTICATION DEMO EXAMPLE STEP 4 . USABILITY, SECURITY and PRIVACY 27. 28 No 3rd Party

Authentication. TOPICS Objectives Legacy Authentication Protocols IEEE 802.1X Authentication Extensible Authentication Protocol (EAP) Authentication Servers

Data Sheet CloudSOC Gateway - CCP Software GmbHSymantec DLP, authentication, encryption, threat protection, and secure web gateway solutions. Key Features Specifications Usability

A Personalization Method based on Human Factors for ...um.org/umap2014/media/presentations/umap_belk.pdf · for Improving Usability of User Authentication Tasks ... through usable

Usability Engineering. 2 Contents Usability Engineering Know the user Task analysis Usability metrics The usability engineering process

Mobile resource problems: Authentication and usability

Usability 2004 J T Burns1 Usability & Usability Engineering

The Identification Level of Security, usability and Transparency Effects on Trust in B2C Commercial Websites Using Adaptive Neuro Fuzzy Inference System (ANFIS)

Usability 2009 J T Burns1 Usability & Usability Engineering

A Usability Study of Five Two-Factor Authentication [email protected]. Title: A Usability Study of Five Two-Factor Authentication Methods Author: Jonathan Dutson Created

Security and Usability of Password Based User Authentication Systems Hatim Alsuwat Sami Alsuwat

Biometric Authentication on iPhone and Android: … · Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption Chandrasekhar Bhagavatula,

Voice Biometrics: Balancing Security, Usability and ... · authentication experience while providing a high degree of accuracy. Security and Accuracy Technical improvements in microphones

Usability of PIV Smartcards for Logical Accessinformation system authentication, to support PKI, and as an identity card. Smartcard-based authentication is recognized as being one

NCICS / CICS-NC Overview · 2017. 11. 16. · curating and providing data quality information to users for enhanced transparency and usability. • Development and application of

Usability and Acceptance of UF-IBA, Image-Based ... · Index Terms-user authentication, image-based authentication (IBA), usability, security, key logging, symbol entropy. 1. INTRODUCTION

Usability of authentication in web applications – a literature