To solve the long-standing problems users have in creating and remembering text passwords, a wide variety of alternative authentication schemes have been proposed. Some of these schemes outperform others by various metrics in various contexts. However, none unilaterally outperform all others, and so text passwords persist as the main scheme applications depend upon. In this paper, we challenge the long-standing assumption that only one authentication scheme can be offered by an application service. We propose Choose Your Own Authentication (CYOA): a novel authentication architecture that enables users to choose a scheme from among several available alternatives. CYOA would enable users to select whichever scheme best suits their preferences, abilities, and usage context. Existing text password systems could easily be replaced. Furthermore, the three-party architecture would enable delegating the management of authentication systems to trusted third parties. The architecture allows rapid deployment and testing of novel authentication technologies. Our two-week usability study suggests that participants were willing to leverage alternative schemes. Participants were confident that CYOA could keep their financial information secure.

Additional Metadata
Keywords Authentication, Survey, Usable security, User study
Conference New Security Paradigms Workshop, NSPW 2015
Forget, A. (Alain), Chiasson, S., & Biddle, R. (2015). Choose your own authentication. Presented at the New Security Paradigms Workshop, NSPW 2015. doi:10.1145/2841113.2841114