Skip to content

Engineers at Rutgers aim to improve reporting of user login systems

Janne Lindqvist, senior author of the study and assistant professor in the Department of Electrical and Computer Engineering, found that most user systems are inadequate.  – Photo by

A Rutgers study is working on a new way to improve computer, smartphone and internet security, according to Rutgers Today

Currently, there is inadequate research on the efficiency of systems that confirm a person's identity when they log into a device. 

“Our paper represents a major advance toward understanding authentication systems,” said Janne Lindqvist, senior author of the study and assistant professor in the Department of Electrical and Computer Engineering. “Surprisingly, we found that commonly used metrics in research for reporting the performance of user login systems are flawed. This means the systems may not work well, and that can have serious, real-life consequences for proposed systems that are adopted based on misleading metrics.” 

The purpose of user systems — also known as authentication systems — is to make sure that the person who logs into an online device, email account or financial account is who they actually claim to be. Typing a username and text-based password is one of the most popular ways to currently log in. 

Engineers at Rutgers looked at 35 recent research papers on authentication systems, and found that 94 percent of them had errors in what they were reporting. There was also no consistency in how system performance metrics were reported. The metrics themselves were also deemed inadequate by the engineers. 

As a result, the team came up with a new method to provide researchers, government agencies and the public more accurate information on the success of their authentication systems and how they can be improved, Lindqvist said. 

The solution involves combining both a commonly-used metric from other fields and a rarely-used one, drawing on the strengths of both metrics. The commonly-used metric gives a general overview of how well the authentication system functions, while the rarely-used one determines whether there is any misleading data in the system performance. In conjunction, they can be utilized to measure how successful a user login system is. 

Other members of the study, who will be published in the Network and Distributed System Security Symposium, are doctoral students Shridatt (James) Sugrim and Can Liu, and post-doctoral student Meghan McLean. 

“We believe it is crucial for our community to adopt more transparent reporting of metrics and performance,” according to the study. 

Join our newsletterSubscribe