My Research

Navigating the Digital Frontier: The Importance of Human-Centered Cybersecurity

Contemporary cybersecurity encompasses not only technical measures such as firewalls and algorithms but also the crucial human element. As cyber threats continue to evolve, organizations are placing greater emphasis on the intricate interaction between human behaviour and technology, thereby highlighting the critical role of human factors in cybersecurity.

The Interdisciplinary Domain of Human Factors in Cybersecurity

According to Rahman, T et al., (2021), computer science researchers have traditionally concentrated on the technical aspects of security, such as encryption and network mechanisms. However, Khadka, K, and Ullah, A.S.S.M.B., in their 2025 work, observe that the human element, frequently considered the “weakest link” in the security chain, is now recognized as profoundly influencing the effectiveness and resilience of digital security systems. This interdisciplinary field, as articulated by Pollini, A., et al. in 2021, integrates insights from computer science, human-computer interaction, organizational psychology, and behavioural sciences to gain a comprehensive understanding of how individuals interact with security technologies. The overarching goal is to transcend a purely technology-centric viewpoint and instead prioritize the cognitive characteristics, needs, and motivations of end-users.

The Challenge of Authentication Fatigue in Enterprise Environments

Authentication processes often create significant friction for employees within enterprise environments. While multi-factor authentication is widely acknowledged for its security benefits, studies by Hastings, S., et al. (2023), indicate that these systems frequently introduce additional steps, leading to user frustration, reduced productivity, and the phenomenon known as authentication fatigue. Furthermore, Schaffer, K. (2019), notes that overly complex authentication procedures can inadvertently prompt employees to adopt insecure workarounds. This challenge underscores the persistent dilemma of enhancing security without alienating users, as highlighted by Realpe-Muñoz, P., et al. (2017).  Achieving an effective balance between security and usability thus remains a significant hurdle, particularly for user authentication services.

The Potential of Adaptive Multi-Factor Authentication and Context-Aware Systems Adaptive Multi-Factor Authentication and context-aware authentication systems represent substantial advancements in authentication technology. According to Phan, K., (2018), AMFA is an advanced form of multi-factor authentication that intelligently adjusts authentication requirements based on dynamic factors such as user behaviour, location, device, and time. This approach allows authentication processes to be streamlined in low-risk scenarios, while demanding additional verification in higher-risk situations, a point also supported by Wiefling, S., et al. (2020).

Context-aware systems, as meticulously described by Yu, N. et al. (2019) and Kim, S-H. et al. (2018), further enhance authentication by continuously monitoring the user’s environment and behaviour. This continuous monitoring enables either implicit authentication or the dynamic selection of the most suitable authentication methods. This sophisticated approach aims to minimize user burden while simultaneously maintaining or even enhancing overall security.

Investigating the Human Dimension of Authentication: A Human-Centered Study

The proposed research is titled: EVALUATING THE IMPACT OF ADAPTIVE MULTI-FACTOR AUTHENTICATION ON USABILITY AND PERCEIVED SECURITY IN ENTERPRISE ENVIRONMENTS, with the subtitle A Human-Centered Study of Context-Aware Authentication Systems and Their Effect on Employee Experience and Trust.

This proposal focuses intently on the essential balance between robust security measures and a positive employee experience. It recognizes that security measures can only be truly effective if they are properly adopted and consistently utilized by employees. By employing a human-centered approach, as suggested by Pilson, C.S., and McElroy, J.C., (2015), the research aims to understand authentication systems from both organizational and user perspectives, rather than concentrating solely on their technical specifications.

Specifically, the study will investigate the following key aspects:

• Usability: This aspect examines how easy and efficient adaptive MFA and context-aware authentication systems are for employees to integrate into their daily work. Baseer, S., and Charumathi, K. S., in 2024, along with Das, S., et al., in 2019, emphasize that poor usability can significantly hinder the widespread adoption of MFA, even when it offers improved security.
• Perceived Security: This explores whether employees feel more secure when using these adaptive systems. Zimmermann, V., et al. (2022) and Nanda, A., et al. (2023), demonstrate that user perceptions profoundly influence whether security technologies are adopted and used effectively, sometimes even deviating from the actual technical security features.
• Employee Experience: This assesses how these systems impact employee productivity, satisfaction, and overall morale. Sasse M.A., et al. (2014), found that a high workload and disruptions resulting from authentication tasks can lead to frustration and reduced productivity.
• Trust: This investigates whether the adaptive nature of these systems fosters or erodes trust in the organization’s security practices and the systems themselves. Weir, S.E., and her colleagues have shown in their 2008 and 2009 studies that user preferences for authentication methods are also influenced by their perceptions of security, convenience, and usability.

By thoroughly examining these human-centric aspects, the research seeks to offer valuable insights into the optimal design and implementation of adaptive and context-aware authentication systems that enhance both security and employee well-being within enterprise environments. This work is essential for advancing toward a future in which cybersecurity is seamlessly integrated and fully trusted as an integral part of the employee experience.

References

• Baseer, S. and Charumathi, K.S. (2024) “Multi-Factor Authentication: A User Experience Study,” Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4840295 and accessed on the 2^nd of September 2025.
• Das, S. et al. (2019) “Evaluating User Perception of Multi-Factor Authentication: A Systematic Review,” Available at: https://arxiv.org/abs/1908.05901 and accessed on the 2^nd of September 2025
• Hastings, S. et al. (2023) “Measuring user costs of enterprise multifactor authentication policies,” Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4669442 and accessed on the 1^st of September 2025.
• Khadka, K. and Ullah, A.S.S.M.B. (2025) “Human factors in cybersecurity: an interdisciplinary review and framework proposal,” Available at https://dl.acm.org/doi/abs/10.1007/s10207-025-01032-0 and accessed on the 5^th of September 2025.
• Kim, S.-H. et al. (2018) “Context-Aware Multimodal FIDO Authenticator for Sustainable IT Services,” Available at: https://www.mdpi.com/2071-1050/10/5/1656 and accessed on the 9^th of September 2025.
• Nanda, A. et al. (2023) “Examining usable security features and user perceptions of Physical Authentication Devices,” Available at: https://dl.acm.org/doi/10.1016/j.cose.2023.103664 and accessed on the 9^th of September 2025.
• Phan, K. (2018) “Implementing Resiliency of Adaptive Multi-Factor Authentication Systems.” Available at: https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1095&context=msia_etds  and accessed on the 4^th of September 2025.
• Pilson, C.S. and McElroy, J.C. (2015) “A Typology of Authentication Systems,” Available at: https://arxiv.org/pdf/1509.00961  and accessed on the 3^rd of September 2025.
• Pollini, A. et al. (2021) “Leveraging human factors in cybersecurity: an integrated methodological approach,” Available at: https://dl.acm.org/doi/10.1007/s10111-021-00683-y and accessed on the 4^th of September 2025.
• Rahman, T. et al. (2021) “Human Factors in Cybersecurity: A Scoping Review.” Available at: https://dl.acm.org/doi/10.1145/3468784.3468789 and accessed on the 7^th of September 2025.
• Realpe-Muñoz, P. et al. (2017) “Design process for usable security and authentication using a user-centered approach,” Available at =: https://dl.acm.org/doi/10.1145/3123818.3123838 and accessed on the 9^th of September 2025.
• Sasse, M.A. et al. (2014) “The Great Authentication Fatigue – And How to Overcome It,” Available at: https://discovery.ucl.ac.uk/id/eprint/1434817/ and accessed on the 2^nd of September 2025.
• Schaffer, K. (2019) “Rethinking Authentication,” Available at: https://ieeexplore.ieee.org/document/8896131 and accessed on the 5^th of September 2025.
• Weir, C.S. et al. (2008) “User perceptions of security, convenience and usability for ebanking authentication tokens,” Available at: https://www.sciencedirect.com/science/article/abs/pii/S0167404808000941?via%3Dihub and accessed on the 6^th of September 2025.
• Weir, C.S. et al. (2009) “Usable security: User preferences for authentication methods in eBanking and the effects of experience,” Available at: https://academic.oup.com/iwc/article-abstract/22/3/153/693231 and accessed on the 6^th of September 2025.
• Wiefling, S., Dürmuth, M. and Iacono, L.L. (2020) “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication,” Available at: https://arxiv.org/abs/2010.00339 and accessed on the 6^th of September 2025.
• Yu, N. et al. (2019) “Context-Aware Continuous Authentication and Dynamic Device Pairing for Enterprise IoT,” Available at: https://link.springer.com/chapter/10.1007/978-3-030-23357-0_9 and accessed on the 4^th of September 2025.
• Zimmermann, V., Gerber, P.J. and Stöver, A. (2022) “That Depends — Assessing User Perceptions of Authentication Schemes across Contexts of Use,” Available at: https://arxiv.org/abs/2209.13958 and accessed on the 3^rd of September 2025.