You're Mitigating The Security Vulnerabilities In Authentication - But Ignoring The Usability Vulnerabilities

Security and risk professionals know what to do with security vulnerabilities: we mitigate the risk directly as best we can, and put in place compensating controls when we can't change the underlying dynamic. But in the age of the customer, upping our game in authentication strategies has forced us to take a harder look at an area that, generally speaking, is not our specialty at all.

User experience.

Last summer, Forrester published a Customer Authentication Assessment Framework that leveraged some exciting academic research called “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes” out of the University of Cambridge Computer Laboratory. (Gunnar Peterson has a recent post highlighting the arc and nature of these researchers' work, and even has a nice back-and-forth in the comments with contributor Cormac Herley of Microsoft Research.)

Read more