The development of an evaluation model for user authentication methods with security, usability, and usage frequency

Authors

DOI:

https://doi.org/10.15587/1729-4061.2025.333720

Keywords:

authentication, cybersecurity, usability, effectiveness, evaluation, threats, biometrics, tokens, risks, security

Abstract

The object of the study is authentication systems in security-critical environments, especially in healthcare. The addressed problem is the absence of comprehensive frameworks that integrate both threat data and user-centric factors for real-world method comparison.

This study develops and validates a novel evaluation model for assessing the empirical effectiveness of user authentication methods. The proposed model integrates probabilistic threat modeling, usability data, and weighted multi-criteria analysis to generate context-sensitive effectiveness scores, thereby supporting informed decision-making.

Twelve authentication methods were assessed using three criteria: security (resistance to cyber threats), usability (user convenience), and use frequency (real-world adoption). Security coefficients (K2) were computed from threat statistics, while usability and adoption metrics were based on a healthcare survey (n = 70). Weighted normalization (ws = 0.4, wu = 0.3, wf = 0.3) produced overall effectiveness scores (E). The most effective methods were mobile devices (E = 30.915), PIN codes (E = 30.252), and fingerprint authentication (E = 29.235), offering an optimal balance of security and acceptance. Graphical passwords (E = 6.132) and iris scans (E = 7.245) scored lowest due to poor usability and limited adoption.

The model’s distinguishing feature is its holistic integration of threat exposure and empirical user data, along with adaptability to organizational requirements and visual interpretability. This distinguishes it from single-dimensional or static assessment models.

Author Biographies

Olga Ussatova, Institute of Information and Computational Technologies

PhD

Department of Information Security

Shakirt Makilenov, Al-Farabi Kazakh National University

Master of Science in Engineering

Department of Information Systems

Vladislav Karyukin, Al-Farabi Kazakh National University

PhD

Department of Information Systems

Abdul Razaque, International IT University

PhD

Department of Cybersecurity

Saule Amanzholova, Astana IT University

Candidate of Technical Science, Associate Professor

Department of Intellectual Systems and Cyber Security

Yenlik Begimbayeva, Almaty University of Power Engineering and Telecommunications (AUPET)

PhD, Associate Professor, Head of Department

Department of Cybersecurity

Published

2025-06-30

How to Cite

Ussatova, O., Makilenov, S., Karyukin, V., Razaque, A., Amanzholova, S., & Begimbayeva, Y. (2025). The development of an evaluation model for user authentication methods with security, usability, and usage frequency. Eastern-European Journal of Enterprise Technologies, 3 (2 (135)), 17–29. https://doi.org/10.15587/1729-4061.2025.333720