Prof Shvartzshnaider co-authored a paper on "" with Noah Apthorpe and Boen Beavers,聽Colgate University 聽and Brett Frischmann,聽Villanova University that will appear in the processing of the Twenty-First Symposium on Usable Privacy and Security
"In this paper, we examine the authentication policies of a diverse set of 135 colleges and universities in the United States and Canada to determine compliance with four standards from NIST Special Publication 800-63 Digital Identity Guidelines.
We find widespread, but not universal, deployment of multi-factor authentication across institutions. We also find prevalent outdated use of password expiration, password composition rules, and knowledge-based authentication. These results support further investment and research into incentive structures for standards compliance and the diffusion of expert guidance to practitioners."