Abstract

The security and usability problems of password-based authentication have driven ongoing research into alternative cryptographic authentication systems. This dissertation explores the design, implementation, and evaluation of authentication mechanisms that strengthen security while preserving usability. Specifically, we investigate the limitations of existing passwordless authentication systems such as FIDO2 and propose solutions that improve account recovery, users' mental models, and adoption. We introduce Let's Authenticate, a certificate-based authentication system designed to address the usability and security concerns of existing approaches. Through iterative development and empirical studies, we compare it against contemporary methods such as passkeys and password managers. We also examine how users form mental models and threat models of authentication systems, highlighting the cognitive barriers to adoption. Finally, we evaluate real-world deployments of passkeys, analyzing user experiences, security perceptions, and deployment challenges. Our findings offer insights into the future of passwordless authentication, emphasizing intuitive design, transparent security assurances, and seamless account recovery. This work contributes to authentication research by proposing practical improvements to existing frameworks and by refining the theoretical understanding of user adoption of cryptographic authentication.

Degree

PhD

College and Department

Computer Science; Computational, Mathematical, and Physical Sciences

Rights

https://lib.byu.edu/about/copyright/

Date Submitted

2025-04-14

Document Type

Dissertation

Keywords

authentication, cryptography, passwordless authentication, mental models, threat models, adoption

Language

english
