A Typology of Authentication Systems
This work addresses the problem of insecure authentication systems for IT professionals and organizations, but it appears incremental as it focuses on typology rather than novel solutions.
The paper examines authentication systems from both organizational and user perspectives, arguing that designing systems solely around technical specifications without considering end users can compromise security.
Authentication systems are designed to give the right person access to an organization's information system and to restrict it from the wrong person. Such systems are designed by IT professionals to protect an organization's assets (e.g., the organization's network, database, or other information). Too often, such systems are designed around technical specifications without regard for the end user. We argue that doing so may actually compromise a system's security. This paper examines authentication systems from both the point of view of the organization and that of the user.