Purpose - This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner. Design/methodology/approach - This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection. Findings - This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points. Originality/value - This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Additional Metadata
Keywords Authentication, Computer security, Computer users Paper type Conceptual paper, Framework, Memory, Persuasion
Persistent URL dx.doi.org/10.1108/ICS-08-2014-0058
Journal Information and Computer Security
Forget, A. (Alain), Chiasson, S, & Biddle, R. (2015). User-centred authentication feature framework. Information and Computer Security, 23(5), 497–515. doi:10.1108/ICS-08-2014-0058