Managing the Trade-off Between Usability and Security in Knowledge-Based Authentication

Knowledge-based authentication (KBA) is the process where users authenticate their identities by having knowledge of a specific secret which confirms the authentication e.g. passwords. Humans have issues with remembering non-meaningful strings, so they keep choosing weak passwords. This clearly shows the trade-off between usability and security where a decrease in usability might negatively impact security. To overcome this issue, user authentication approaches should find a way to reduce the burden on user's memory so they can choose stronger passwords. The relation between security and usability is much complicated than that. For example, increasing security measures might decrease usability. So, in this paper we argue that this trade-off must be managed effectively. A hybrid authentication system is proposed as an alternative to the traditional password-based authentication. A user study was used to investigate the feasibility of this alternative system by integrating it into a students' university portal.