There are multiple techniques for users to authenticate themselves in software applications, such as text passwords, smart cards, and biometrics. Two or more of these techniques can be combined to increase security, which is known as multifactor authentication. Systems commonly utilize authentication as part of their access control with the objective of protecting the information stored within them. However, the decision of what authentication technique to implement in a system is often taken by the software development team in charge of it. A poor decision during this step could lead to a fatal mistake in relation to security, creating the necessity for a method that systematizes this task. Thus, this book chapter presents a theoretical decision framework that tackles this issue by providing guidelines based on the evaluated application’s characteristics and target context. These guidelines were defined through the application of an extensive action-research methodology in collaboration with experts from a multinational software development company.
Part of the book: Computer and Network Security