| Passwords have been dominating user authentication for more than half a century, and many researchers believe that they will continue as a key part of the user authentication world in the foreseeable future. The well-known usability-security problem of textual passwords, i.e., the difficulty for human users to choose strong and easy-to-remember passwords, has received a considerable attention over many years. Many alternative solutions have been proposed to replace textual passwords, however, none of them can keep all advantages of textual passwords without bringing new problems. As a consequence, hybrid user authentication systems such as multi-factor authentication (MFA) has been widely suggested for security-critical applications such as e-banking systems. Such hybrid user authentication systems normally lead to higher usability costs, so are not ideal solutions for all applications. The hybrid nature also means organizations and service providers have to deploy and maintain different user authentication components, thus making reconfiguration of such systems more complicated.;This thesis looks at several less-studies but still important areas of user authentication: how human users perceive objective ratings given by computer programs such as proactive password checkers (PPCs) and subjective ratings given by human experts, how human users can be better educated about password security, and how we can overcome the current drawbacks of hybrid user authentication systems to improve user experience and enhance reconfigurability of such systems. Our research led to some new insights on how human users perceive password strength ratings, a new password security education tool, and a novel "all in one'' and backward compatible user authentication framework. (Abstract shortened by ProQuest.). |
