Verify It's You: How Users Perceive Risk-based Authentication

Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono

IEEE Security & Privacy, Volume 19, Issue 6, November-December 2021


Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication. We identify pitfalls and provide guidelines for putting RBA into practice.

[DOI] [Paper]

tags: authentication, perception, risk-based authentication