Passphrase and keystroke dynamics authentication: Usable security

Cited by: 29
Authors
Bhana, Bhaveer [1]
Flowerday, Stephen [1]
Affiliations
[1] Rhodes Univ, Dept Informat Syst, ZA-6140 Grahamstown, South Africa
Keywords
Passphrase; Password; Keystroke dynamics; User authentication; Usability; Two-tier authentication; USABILITY; PASSWORD; CAPACITY;
DOI
10.1016/j.cose.2020.101925
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
It was found that employees spend a total of 2.25 days within 60 days on password-related activities. The time consumed by this is unproductive and has a negative impact on usability. The problem is caused by current text-based user authentication policies in use. This study aims to address this research problem by assessing the effectiveness of a proposed two-tier user authentication solution involving passphrases and keystroke dynamics. A design science research approach was used to guide this study, the theoretical foundation of which included three theories: the Shannon Entropy theory which was used to calculate the strength of passwords, passphrases and keystroke dynamics; Chunking theory assisted in assessing password and passphrase memorisation issues; and the Keystroke Level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. Firstly, a login assessment experiment was used to collect data on user authentication and user-system interaction for passwords and passphrases and, secondly, an expert review was conducted to validate findings and assess the research artefact in the form of a model. The model was finalised after it had been updated based on the expert review feedback. The model indicates the components that should be considered to implement the user authentication solution successfully. If all the model components are considered, the proposed two-tier user authentication solution has the potential to improve security and usability in the user authentication process. (C) 2020 Elsevier Ltd. All rights reserved.
Pages: 13