




















Authentication security advice is given with the goal of guiding users and organisations towards secure actions and practices. In this paper, we demonstrate that security advice can be ambiguous, contradictory and at times may not even have any clear benefits. We expand on current work by defining a formal approach to identifying costs of security advice and instigate a user study to identify the costs that apply to a large range of authentication advice. We also apply a simple framework for analysing the authentication related security benefits of advice. This allows us to identify costs and benefits for all classes of security advice.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。