Towards More Trustworthy Interfaces for User Authentication
Dr. Burt Kaliski
Vice President of Research at RSA Security
The current interest in stronger user authentication has often focused on the choice of _authentication mechanism_: the credentials and/or factors held by the user, the evidence of those factors presented by the user, and the protocols by which the evidence is demonstrated to a verifier. These considerations are all important, but they are incomplete without attention to one more aspect: the user interface by which the user presents the authentication evidence to the system. In this talk, I'll show how an authentication mechanism that is stronger in theory can actually be weaker in practice due to an untrustworthy user interface. I'll also compare several recently proposed methods for improving the trustworthiness of those interfaces. The talk will conclude with recommendations for implementing these improvements in existing and emerging systems.