Skip to main content

2021 | OriginalPaper | Buchkapitel

Short Paper: Organizational Security: Implementing a Risk-Reduction-Based Incentivization Model for MFA Adoption

verfasst von : Sanchari Das, Andrew Kim, L. Jean Camp

Erschienen in: Financial Cryptography and Data Security

Verlag: Springer Berlin Heidelberg

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Multi-factor authentication (MFA) is a useful measure for strengthening authentication. Despite its security effectiveness, the adoption of MFA tools remains low. To create more human-centric authentication solutions, we designed and evaluated the efficacy of a risk-reduction-based incentivization model and implemented our proposed model in a large-scale organization with more than 92, 025 employees, and collected survey data from 287 participants and interviewed 41 participants. We observed negative perceptions and degraded understandings of MFA technology due to the absence of proper risk and benefit communication in the control group. Meanwhile, the experimental group employees showed positive perceptions of MFA use for their work and personal accounts. Our analysis and implementation strategy are critical for reducing users’ risks, creating positive security tool usage experiences, and motivating users to enhance their security practices.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
4.
Zurück zum Zitat Das, S., Wang, B., Tingle, Z., Camp, L.J.: Evaluating user perception of multi-factor authentication: a systematic review. In: Proceedings of the 13th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2019). HAISA (2019) Das, S., Wang, B., Tingle, Z., Camp, L.J.: Evaluating user perception of multi-factor authentication: a systematic review. In: Proceedings of the 13th International Symposium on Human Aspects of Information Security and Assurance (HAISA 2019). HAISA (2019)
5.
Zurück zum Zitat Furnell, S.M., Bryant, P., Phippen, A.D.: Assessing the security perceptions of personal internet users. Comput. Secur. 26(5), 410–417 (2007) Furnell, S.M., Bryant, P., Phippen, A.D.: Assessing the security perceptions of personal internet users. Comput. Secur. 26(5), 410–417 (2007)
7.
Zurück zum Zitat Harbach, M., Fahl, S., Smith, M.: Who’s afraid of which bad wolf? a survey of it security risk awareness. In: 2014 IEEE 27th Computer Security Foundations Symposium. pp. 97–110. IEEE (2014) Harbach, M., Fahl, S., Smith, M.: Who’s afraid of which bad wolf? a survey of it security risk awareness. In: 2014 IEEE 27th Computer Security Foundations Symposium. pp. 97–110. IEEE (2014)
8.
Zurück zum Zitat Harbach, M., Hettig, M., Weber, S., Smith, M.: Using personal examples to improve risk communication for security and privacy decisions. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems. pp. 2647–2656. ACM (2014) Harbach, M., Hettig, M., Weber, S., Smith, M.: Using personal examples to improve risk communication for security and privacy decisions. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems. pp. 2647–2656. ACM (2014)
9.
Zurück zum Zitat Krol, K., Philippou, E., De Cristofaro, E., Sasse, M.A.: They brought in the horrible key ring thing! analysing the usability of two-factor authentication in uk online banking. arXiv preprint arXiv:1501.04434 (2015) Krol, K., Philippou, E., De Cristofaro, E., Sasse, M.A.: They brought in the horrible key ring thing! analysing the usability of two-factor authentication in uk online banking. arXiv preprint arXiv:​1501.​04434 (2015)
10.
11.
12.
13.
Zurück zum Zitat Sedera, D., Dey, S.: User expertise in contemporary information systems: conceptualization, measurement and application. Inf. Manage 50(8), 621–637 (2013) Sedera, D., Dey, S.: User expertise in contemporary information systems: conceptualization, measurement and application. Inf. Manage 50(8), 621–637 (2013)
14.
Zurück zum Zitat Viega, J., Kohno, T., Potter, B.: Trust and mistrust in secure applications. Commun. ACM 44(2), 31–36 (2001) Viega, J., Kohno, T., Potter, B.: Trust and mistrust in secure applications. Commun. ACM 44(2), 31–36 (2001)
15.
Zurück zum Zitat Weinstein, N.D.: Unrealistic optimism about future life events. J. Pers. Soc. Psychol. 39(5), 806 (1980) Weinstein, N.D.: Unrealistic optimism about future life events. J. Pers. Soc. Psychol. 39(5), 806 (1980)
Metadaten
Titel
Short Paper: Organizational Security: Implementing a Risk-Reduction-Based Incentivization Model for MFA Adoption
verfasst von
Sanchari Das
Andrew Kim
L. Jean Camp
Copyright-Jahr
2021
Verlag
Springer Berlin Heidelberg
DOI
https://doi.org/10.1007/978-3-662-64331-0_21

Premium Partner