Factors for Measuring Password-Based Authentication Practices
Organizations rely on password-based authentication methods to control access to their Web-basedMattord HJ, Levy Y, Furnell SM
systems. This research study developed a benchmarking instrument intended to assess authentication
methods used in such systems, focusing on three component areas: 1) password strength requirements,
2) password usage methods, and 3) password reset requirements. This study explores the
criteria required to define these component areas and validated proposed measurement criteria by
use of an expert panel from industry and academia. An opportunity sample of web-based ISs in two
groups were assessed to examine the use of the Authentication Method System Index (AMSI).