Assessing and improving authentication confidence management

Purpose-The purpose of this paper is to address some weaknesses in the handling of current multi-factor authentication, suggests some criteria for overcoming these weaknesses and presents a simple proof of concept authentication system. Design/methodology/approach-First, this paper evaluates some of the underlying practices and assumptions in multi-factor authentication systems. Next, the paper assesses the implications of these when compared to a quantitative authentication risk management approach. Based upon these implications this paper next note the requirements for an improved system and detail some related research areas that meet these requirements. Finally, this paper discussed how a system that meets these requirements through the application of that research could provide benefits and outlined a simple points-based authentication system. Findings-The paper proposes that many of the weaknesses in authentication confidence management could be effectively mitigated through the deployment of a factor independent multi-modal fusion quantitative authentication-based system. This paper details a simple point-based approach that does this and discuss how addressing the problems in handling authentication confidence could further optimise risk management in multi-factor authentication systems. Practical implications-This paper's suggestions for optimising multi-factor authentication have many implications within medium to high-security commercial and government applications. Correct authentication risk handling enables decisions regarding risk and authentication to be made more accurately. Originality/value-This implications of the issues discussed in this paper have relevance to anyone who deploys or uses any medium to high-security authentication system. As the bottom end of the medium to high-security range includes online banking, there are implications for a wide range of stakeholders.