Authentication Frequency as an Important Design Factor

With an ever-increasing number of briefer interactions with a larger number of different “things”, innovative perspectives on authentication could be helpful. Ideally, authentication solutions are designed to balance requirements of security with those of usability, with the latter including cognitive ability for choosing credentials such as passwords, and memorability of those credentials. Some important variables to consider include the size and complexity of the credential alphabet, the length of the credential, and the number of credentials and accounts. Another important variable is the authentication duration: the time spent authenticating by a user over a period of time. The duration could be computed as the duration for each authentication action, multiplied by the number of actions over a particular time period. If the duration can be reduced, then the user would spend less time on the secondary task of authentication. There are at least a couple of approaches to reducing the overall authentication duration for users: reduce the time required for each authentication action, or reduce the total number of authentications performed. At the WAY workshop, I would like to expand on the latter and discuss the importance of authentication frequency to secure and usable authentication design, including some of my related research activities.