Factors for measuring password-based authentication practices

Organizations rely on password-based authentication methods to control access to their Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in such systems, focusing on three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This study explores the criteria required to define these component areas and validated proposed measurement criteria by use of an expert panel from industry and academia. An opportunity sample of web-based ISs in two groups were assessed to examine the use of the Authentication Method System Index (AMSI).