IMPACT OF USER EXPERIENCE ON SECURITY: BALANCING USABILITY AND SECURITY IN IAM SOLUTIONS

Authors

  • Sharath Chandra Thurupati, MSR Technology Group, USA

Keywords:

User Experience (UX) in Cybersecurity, Adaptive Authentication, Passwordless IAM Solutions, Security-Usability Balance

Abstract

This comprehensive article explores the critical interplay between user experience (UX) and security in Identity and Access Management (IAM) solutions. It examines the challenges organizations face in balancing robust security measures with user-friendly interfaces, highlighting how this balance significantly impacts user adoption, compliance with security policies, and overall system effectiveness. The article delves into the consequences of poor usability in IAM systems, including user fatigue, risky workarounds, and potential security vulnerabilities. Conversely, it showcases the benefits of user-centric approaches such as adaptive security measures, passwordless authentication, and Single Sign-On (SSO) implementations. Through an analysis of case studies and emerging trends, the article provides insights into successful IAM strategies that enhance both security and user satisfaction. It also looks ahead to future developments in IAM, including the integration of artificial intelligence, blockchain technology, and advanced biometrics. By synthesizing current research and industry practices, this article offers valuable guidance for organizations seeking to implement effective, user-friendly IAM solutions that strengthen security postures without sacrificing usability, ultimately fostering a culture of security consciousness aligned with user needs and organizational objectives.

Published

2024-11-04