Title :
Using Fingerprint Authentication to Reduce System Security: An Empirical Study
Author :
Wimberly, Hugh ; Liebrock, Lorie M.
Author_Institution :
Dept. of Comput. Sci. & Eng., New Mexico Inst. of Min. & Technol., Socorro, NM, USA
Abstract :
Choosing the security architecture and policies for a system is a demanding task that must be informed by an understanding of user behavior. We investigate the hypothesis that adding visible security features to a system increases user confidence in the security of a system and thereby causes users to reduce how much effort they spend in other security areas. In our study, 96 volunteers each created a pair of accounts, one secured only by a password and one secured by both a password and a fingerprint reader. Our results strongly support our hypothesis - on average. When using the fingerprint reader, users created passwords that would take one three-thousandth as long to break, thereby potentially negating the advantage two-factor authentication could have offered.
Keywords :
authorisation; fingerprint identification; fingerprint authentication; fingerprint reader; security architecture; system security reduction; user behavior; user confidence; Authentication; Complexity theory; Entropy; Frequency measurement; Markov processes; risk compensation; security policy; two-factor authentication; user study;
Conference_Titel :
Security and Privacy (SP), 2011 IEEE Symposium on
Conference_Location :
Berkeley, CA
Print_ISBN :
978-1-4577-0147-4
Electronic_ISBN :
1081-6011
