SaTC 2.0: RES: Tracking the Usability of Secure Authentication Systems
Clemson University, Clemson SC
Investigators
Abstract
Whether entering a password, using FaceID, or confirming a push notification, people authenticate (prove their identity) to access accounts and information. While authentication tools like passwords, multi-factor authentication, and biometrics help keep data secure, their design and frequency can interrupt important tasks and cause people time, effort, and frustration. These burdens can lead users to take shortcuts that make authenticating easier but threaten security, such as reusing passwords across accounts. This project addresses the human side of authentication by examining how often, when, why, and how people authenticate and the challenges they face while doing so. By identifying common patterns and barriers across contexts, including contexts that are key to the future success of AI, this research informs the design of authentication systems that are more usable, efficient, and aligned with users' daily lives. The research insights will ultimately support US national interests by strengthening cybersecurity and enhancing access to information and services by making systems more secure and easier to use. This project takes an interdisciplinary approach to improve authentication by focusing on human factors. Little systematic research has been carried to understand how often, when, and how people authenticate, and the associated personal and professional costs of authentication. By evaluating authentication across domains and contexts, this project produces novel, authentication-tracking tools to obtain detailed metrics about users’ daily authentication patterns and assesses cross-cutting themes from two domains: traditional large organizations and microtask crowdsourcing platforms (which underpin progress in AI). An annotated database of observed authentication events, combined with surveys, time diaries, and interviews, helps identify usability challenges, interruptions, and associated risks. Findings are applied to propose future directions for forward-thinking authentication systems that minimize costs, enhance usable security, and consider how to preemptively address threats posed by advancements in AI. These insights promote a more trustworthy cyberspace and support national cybersecurity. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →